CVE-2024-41684 Vulnerability Details

CVE-2024-41684 Metadata Quick Info

CVE Published: 26/07/2024 | CVE Updated: 02/08/2024 | CVE Year: 2024
Source: CERT-In | Vendor: SyroTech | Product: SyroTech SY-GPON-1110-WDONT router
Status: PUBLISHED

CVE-2024-41684 Description

This vulnerability exists in the SyroTech SY-GPON-1110-WDONT router due to a missing Secure flag on the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to capture cookies and compromise the targeted system.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-614
CWE Name: CWE-614: Sensitive Cookie in HTTPS Session Without Secure Attribute
Source: SyroTech

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-102
CAPEC Description: CAPEC-102: Session Sidejacking


Source: NVD (National Vulnerability Database).