Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2024-41685
Undergoing Analysis
More InfoOfficial Page
Source-vdisclose@cert-in.org.in
View Known Exploited Vulnerability (KEV) details
Published At-26 Jul, 2024 | 12:15
Updated At-06 Aug, 2024 | 12:51

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to capture cookies and obtain sensitive information on the targeted system.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
syrotech
syrotech
>>sy-gpon-1110-wdont_firmware>>3.1.02-231102
cpe:2.3:o:syrotech:sy-gpon-1110-wdont_firmware:3.1.02-231102:*:*:*:*:*:*:*
syrotech
syrotech
>>sy-gpon-1110-wdont>>*
cpe:2.3:h:syrotech:sy-gpon-1110-wdont:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-732Primarynvd@nist.gov
CWE-1004Secondaryvdisclose@cert-in.org.in
CWE ID: CWE-732
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-1004
Type: Secondary
Source: vdisclose@cert-in.org.in
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225vdisclose@cert-in.org.in
Third Party Advisory
Hyperlink: https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0225
Source: vdisclose@cert-in.org.in
Resource:
Third Party Advisory
Change History
0Changes found
Details not found