CVE-2021-37189

An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
VendorProductVersion
digitransport_wr11_firmware
𝑥
< 6.0.0.0
digitransport_wr11_xt_firmware
𝑥
< 6.0.0.0
digitransport_wr21_firmware
𝑥
< 6.0.0.0
digitransport_wr31_firmware
𝑥
< 6.0.0.0
digitransport_wr41_firmware
𝑥
< 6.0.0.0
digitransport_wr44_firmware
𝑥
< 6.0.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt
https://www.digi.com/search/results?q=transport
https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt
https://www.digi.com/search/results?q=transport