CVE-2021-37189
CVE-2021-37189 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session. EPSS estimates a 0.59% chance of exploitation in the next 30 days.
Description
An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Digi | Transport Wr11 Firmware | < 6.0.0.0 |
| Digi | Transport Wr11 Xt Firmware | < 6.0.0.0 |
| Digi | Transport Wr21 Firmware | < 6.0.0.0 |
| Digi | Transport Wr31 Firmware | < 6.0.0.0 |
| Digi | Transport Wr41 Firmware | < 6.0.0.0 |
| Digi | Transport Wr44 Firmware | < 6.0.0.0 |
References
- https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt (Third Party Advisory)
- https://www.digi.com/search/results?q=transport (Vendor Advisory)
Source: NVD / NIST
