CVE-2024-41684

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing secure flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to capture cookies and compromise the targeted system.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:syrotech:sy-gpon-1110-wdont_firmware:3.1.02-231102:*:*:*:*:*:*:*
cpe:2.3:h:syrotech:sy-gpon-1110-wdont:-:*:*:*:*:*:*:*

History

06 Aug 2024, 13:25

Type Values Removed Values Added
References () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225 - () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225 - Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CPE cpe:2.3:o:syrotech:sy-gpon-1110-wdont_firmware:3.1.02-231102:*:*:*:*:*:*:*
cpe:2.3:h:syrotech:sy-gpon-1110-wdont:-:*:*:*:*:*:*:*
First Time Syrotech
Syrotech sy-gpon-1110-wdont
Syrotech sy-gpon-1110-wdont Firmware
CWE NVD-CWE-Other

01 Aug 2024, 08:15

Type Values Removed Values Added
Summary
  • (es) Esta vulnerabilidad existe en el enrutador SyroTech SY-GPON-1110-WDONT debido a la falta de un indicador de seguridad para las cookies de sesión asociadas con la interfaz de administración web del enrutador. Un atacante con acceso remoto podría aprovechar esto interceptando la transmisión dentro de una sesión HTTP en el sistema vulnerable. La explotación exitosa de esta vulnerabilidad podría permitir al atacante capturar cookies y comprometer el sistema objetivo.
References
  • {'url': 'https://cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225', 'source': 'vdisclose@cert-in.org.in'}
  • () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225 -

26 Jul 2024, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-26 12:15

Updated : 2024-08-06 13:25


NVD link : CVE-2024-41684

Mitre link : CVE-2024-41684

CVE.ORG link : CVE-2024-41684


JSON object : View

Products Affected

syrotech

  • sy-gpon-1110-wdont
  • sy-gpon-1110-wdont_firmware
CWE
NVD-CWE-Other CWE-614

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute