Critical

Misfortune Cookie in AllegroSoft RomPager

IdentifiersCVE-2014-9222CWE-119

CVE-2014-9222, known as Misfortune Cookie, affects AllegroSoft RomPager 4.34 and earlier, including deployments in Huawei Home Gateway products and other vendors' embedded devices. The vulnerability is triggered by a crafted HTTP cookie that causes memory corruption in the RomPager web server, allowing a remote attacker to gain elevated privileges on the affected device. The provided content identifies the issue as a remotely exploitable flaw in RomPager and notes its presence in embedded networking products such as home gateways and session border controllers.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can allow a remote attacker to gain privileges on the affected device. In embedded gateway and network appliance contexts, this can result in unauthorized administrative control of the device, compromise of management functions, and potential follow-on access within the surrounding network environment.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, restrict network exposure of the embedded web management interface, especially from untrusted networks and the public Internet. Limit administrative access via firewalling, management-plane segmentation, and ACLs; disable unnecessary remote management services where feasible; and monitor for suspicious HTTP requests involving malformed or unexpected cookie values. Because exploitation is remote via the web interface, reducing HTTP/HTTPS management exposure is the primary mitigation.

Remediation

Patch, then assume compromise.

Upgrade or replace affected firmware and products that include AllegroSoft RomPager 4.34 or earlier with vendor-provided fixed versions. The provided content specifically notes that certain AudioCodes Session Border Controllers were patched in 2024 and that firmware sbc-F7.40A.500.781 was reported as not vulnerable, while sbc-F7.40A.005.619 was vulnerable. For other affected vendors, apply the relevant vendor firmware updates that remove or update the vulnerable RomPager component.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

AllegrosoftRompagerapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

4 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

4 SOURCESView more in app

mdpiNews

May 2, 2026

Evolving IoT Botnet Threats and Practical Honeypot Observation: A Summary Review and Experimental Study

An IoT vulnerability cited as an example of insecure Telnet services used to emulate common botnet-targeted device weaknesses in the honeypot study.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware1

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity3

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2014-9222

NVD

nvd.nist.gov/vuln/detail/CVE-2014-9222

MITRE CWE · CWE-119

cwe.mitre.org

Vendor Advisory

huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-407666.htm

Third Party Advisory

mis.fortunecook.ie

Third Party Advisory

seclists.org/fulldisclosure/2014/Dec/87

Third Party Advisory

kb.cert.org/vuls/id/561444

Third Party Advisory

allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html

securityfocus.com

securityfocus.com/bid/105173