Synopsis
The remote host is affected by multiple remote code execution vulnerabilities.
Description
According to its banner, the remote host is running a version of Allegro Software RomPager 4.07 to 4.33. It is, therefore, affected by multiple vulnerabilities:
- A flaw in HTTP cookie management in the embedded web server allows a remote attacker to execute arbitrary code with administrative privileges and to possibly conduct attacks against connected devices.
- A digest authentication buffer overflow flaw exists that allows a remote attacker to cause a denial of service or to execute arbitrary code. (CVE-2014-9223)
Solution
Contact the vendor for an updated firmware image. Allegro addressed both issues in mid-2005 with RomPager version 4.34.
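The banner-based version check described above, written as an added example for triaging an asset inventory; it is not the plugin's own code. It assumes the Server header carries a `RomPager/<major>.<minor>` token, and the hosts and headers in the sample are constructed.

```python
import re

# Version bounds as stated on this page.
FIRST_AFFECTED = (4, 7)   # RomPager 4.07
LAST_AFFECTED = (4, 33)   # RomPager 4.33
FIXED = (4, 34)           # RomPager 4.34

# Assumption: the product token looks like "RomPager/4.07" inside the Server header.
_TOKEN = re.compile(r"RomPager/(\S*)", re.IGNORECASE)
# Require a two-digit minor so "4.7" is not silently read as 4.07 or 4.70.
_VERSION = re.compile(r"(\d+)\.(\d{2})(?!\d)")

def classify_banner(server_header):
    """Classify one Server header value against the affected range."""
    if not server_header:
        return "no_banner"        # header absent or suppressed
    token = _TOKEN.search(server_header)
    if token is None:
        return "not_rompager"
    ver = _VERSION.match(token.group(1))
    if ver is None:
        return "unparsed"         # RomPager token with an unusable version
    version = (int(ver.group(1)), int(ver.group(2)))
    if FIRST_AFFECTED <= version <= LAST_AFFECTED:
        return "affected"
    return "fixed" if version >= FIXED else "below_range"

# Constructed sample inventory: (host, Server header from your own asset scan).
SAMPLE_INVENTORY = [
    ("192.0.2.10", "RomPager/4.07 UPnP/1.0"),
    ("192.0.2.11", "RomPager/4.33"),
    ("192.0.2.12", "RomPager/4.34"),
    ("192.0.2.13", "RomPager/4.03"),
    ("192.0.2.14", "RomPager/4.7"),
    ("192.0.2.15", "nginx"),
    ("192.0.2.16", None),
]

def audit(inventory):
    """Group hosts by classification so affected devices can be queued for firmware updates."""
    report = {}
    for host, header in inventory:
        report.setdefault(classify_banner(header), []).append(host)
    return report

if __name__ == "__main__":
    for status, hosts in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{status:13} {', '.join(hosts)}")
```

Because the result rests only on the banner, hosts reported as `no_banner` or `unparsed` still need their firmware version confirmed by other means.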