CVE-2025-53757

This vulnerability exists in Digisol DG-GR6821AC Router due to misconfiguration of both Secure and HttpOnly flags on session cookies associated with the router web interface. A remote attacker could exploit this vulnerability by capturing the session cookies transmitted over an unsecure HTTP connection. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information from the targeted device.

CVSS

No CVSS.

References

Link	Resource
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0147

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Esta vulnerabilidad existe en el enrutador Digisol DG-GR6821AC debido a una configuración incorrecta de los indicadores Secure y HttpOnly en las cookies de sesión asociadas a la interfaz web del enrutador. Un atacante remoto podría explotar esta vulnerabilidad capturando las cookies de sesión transmitidas a través de una conexión HTTP no segura. Si se explota con éxito esta vulnerabilidad, el atacante podría obtener información confidencial del dispositivo objetivo.

16 Jul 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-16 12:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-53757

Mitre link : CVE-2025-53757

CVE.ORG link : CVE-2025-53757

JSON object : View

Products Affected

No product.

CWE

CWE-614

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

CWE-1004

Sensitive Cookie Without 'HttpOnly' Flag

{"id": "CVE-2025-53757", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "vdisclose@cert-in.org.in", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-16T12:15:30.363", "references": [{"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0147", "source": "vdisclose@cert-in.org.in"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "vdisclose@cert-in.org.in", "description": [{"lang": "en", "value": "CWE-614"}, {"lang": "en", "value": "CWE-1004"}]}], "descriptions": [{"lang": "en", "value": "This vulnerability exists in Digisol DG-GR6821AC Router due to misconfiguration of both Secure and HttpOnly flags on session cookies associated with the router web interface. A remote attacker could exploit this vulnerability by capturing the session cookies transmitted over an unsecure HTTP connection. \n\nSuccessful exploitation of this vulnerability could allow the attacker to obtain sensitive information from the targeted device."}, {"lang": "es", "value": "Esta vulnerabilidad existe en el enrutador Digisol DG-GR6821AC debido a una configuraci\u00f3n incorrecta de los indicadores Secure y HttpOnly en las cookies de sesi\u00f3n asociadas a la interfaz web del enrutador. Un atacante remoto podr\u00eda explotar esta vulnerabilidad capturando las cookies de sesi\u00f3n transmitidas a trav\u00e9s de una conexi\u00f3n HTTP no segura. Si se explota con \u00e9xito esta vulnerabilidad, el atacante podr\u00eda obtener informaci\u00f3n confidencial del dispositivo objetivo."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "vdisclose@cert-in.org.in"}