Описание
SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:skyworth:gn542vf_boa_firmware:0.94.13:*:*:*:*:*:*:*
cpe:2.3:h:skyworth:gn542vf_boa:-:*:*:*:*:*:*:*
EPSS
Процентиль: 43%
0.0021
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-311
CWE-311
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Skyworth GN542VF Boa version 0.94.13 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
EPSS
Процентиль: 43%
0.0021
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-311
CWE-311