CVE-2024-41685
HIGHDescription
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to capture cookies and obtain sensitive information on the targeted system.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| syrotech | sy-gpon-1110-wdont_firmware |
| syrotech | sy-gpon-1110-wdont |
References
Frequently Asked Questions
What is CVE-2024-41685? +
How severe is CVE-2024-41685? +
What products are affected by CVE-2024-41685? +
How do I check if I'm vulnerable to CVE-2024-41685? +
Related Vulnerabilities
This vulnerability exists in Digisol DG-GR6821AC Router due to misconfiguration of both Secure and HttpOnly flags on session cookies associated …
This vulnerability exists in the CP Plus Router due to insecure handling of cookie flags used within its web interface. …
An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag.
Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set …
TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the …
A stored cross-site scripting (XSS) vulnerability exists in the MyCourts v3 application within the LTA number profile field. An attacker …