The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to (1) lan_status_adv.asp, (2) wlan_basic_cfg.asp, or (3) lancfg.asp in en/, related to use of JavaScript to protect against reading file contents.

More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2274)