CVE-2024-41685 Vulnerability Details

  /     /     /  

CVE-2024-41685 Metadata Quick Info

CVE Published: 26/07/2024 | CVE Updated: 02/08/2024 | CVE Year: 2024
Source: CERT-In | Vendor: SyroTech | Product: SyroTech SY-GPON-1110-WDONT router
Status : PUBLISHED

---

CVE-2024-41685 Description

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router\'s web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to capture cookies and obtain sensitive information on the targeted system.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-1004
CWE Name: CWE-1004: Sensitive Cookie Without HttpOnly Flag
Source: SyroTech

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).