CVE-2024-41685

MEDIUM Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-1004
View all →

Vulnerability Description

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to capture cookies and obtain sensitive information on the targeted system.

Related Vulnerabilities

CVE-2022-25172

HIGH
CVSS:7.5(High)

An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessibl...

CWE-10042022

CVE-2022-33167

HIGH
CVSS:7.5(High)

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly fla...

CWE-10042022

CVE-2022-43845

HIGH
CVSS:7.5(High)

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability...

CWE-10042022

CVE-2021-3706

HIGH
CVSS:7.4(High)

adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag

CWE-10042021

CVE-2025-24318

MEDIUM
CVSS:6.8(Medium)

Cookie policy is observable via built-in browser tools. In the presence of XSS, this could lead to full session compromise.

CWE-10042025

CVE-2019-8283

MEDIUM
CVSS:6.5(Medium)

Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have 'HttpOnly' flag. This allows malicious javascript to steal it.

CWE-10042019