CVE-2024-41684

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-614
View all →

Vulnerability Description

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing secure flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to capture cookies and compromise the targeted system.

Related Vulnerabilities

CVE-2015-3207

MEDIUM
CVSS:5.3(Medium)

In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes.

CWE-6142015

CVE-2020-29024

MEDIUM
CVSS:5.3(Medium)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects...

CWE-6142020

CVE-2021-35236

MEDIUM
CVSS:5.3(Medium)

The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secur...

CWE-6142021

CVE-2023-33860

MEDIUM
CVSS:5.3(Medium)

IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by plan...

CWE-6142023

CVE-2023-5035

MEDIUM
CVSS:5.3(Medium)

A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be...

CWE-6142023

CVE-2024-0349

MEDIUM
CVSS:5.3(Medium)

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sens...

CWE-6142024