Lucene search

[email protected]NVD:CVE-2024-41684

HistoryJul 26, 2024 - 12:15 p.m.

CVE-2024-41684

2024-07-2612:15:02

CWE-614

[email protected]

web.nvd.nist.gov

syrotech router

session

vulnerability

http

exploitation

remote access

security

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

17.6%

JSON

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing secure flag for the session cookies associated with the router’s web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system.

Successful exploitation of this vulnerability could allow the attacker to capture cookies and compromise the targeted system.

Affected configurations

Nvd

Node

syrotechsy-gpon-1110-wdont_firmwareMatch3.1.02-231102

AND

syrotechsy-gpon-1110-wdontMatch-

VendorProductVersionCPE
syrotechsy-gpon-1110-wdont_firmware3.1.02-231102cpe:2.3:o:syrotech:sy-gpon-1110-wdont_firmware:3.1.02-231102:*:*:*:*:*:*:*
syrotechsy-gpon-1110-wdont-cpe:2.3:h:syrotech:sy-gpon-1110-wdont:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
syrotech	sy-gpon-1110-wdont_firmware	3.1.02-231102	cpe:2.3:o:syrotech:sy-gpon-1110-wdont_firmware:3.1.02-231102:::::::*
syrotech	sy-gpon-1110-wdont	-	cpe:2.3:h:syrotech:sy-gpon-1110-wdont:-:::::::*

References

www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

17.6%

JSON

Related for NVD:CVE-2024-41684

cvelist1 vulnrichment1 cve1