
CVE-2025-53757: CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in Digisol XPON ONU Wi-Fi Router (DG-GR6821AC)

High
Type: Vulnerability
Tags: cve, cve-2025-53757, cwe-614, cwe-1004
Published: Wed Jul 16 2025 (07/16/2025, 11:25:05 UTC)
Source: CVE Database V5
Vendor/Project: Digisol
Product: XPON ONU Wi-Fi Router (DG-GR6821AC)

Description

This vulnerability exists in Digisol DG-GR6821AC Router due to misconfiguration of both Secure and HttpOnly flags on session cookies associated with the router web interface. A remote attacker could exploit this vulnerability by capturing the session cookies transmitted over an unsecure HTTP connection. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information from the targeted device.

AI-Powered Analysis

Last updated: 07/16/2025, 12:01:12 UTC

Technical Analysis

CVE-2025-53757 is a high-severity vulnerability affecting the Digisol XPON ONU Wi-Fi Router model DG-GR6821AC, specifically version V3.2.XX. The root cause is the improper configuration of session cookies used by the router's web interface. The affected cookies lack the 'Secure' attribute, which ensures that cookies are only transmitted over encrypted HTTPS connections. The HttpOnly flag is also misconfigured or absent, increasing the risk of client-side script access to these cookies. Because the router's web interface transmits session cookies over unencrypted HTTP connections, a remote attacker can intercept them via network traffic monitoring or man-in-the-middle (MITM) attacks. By capturing these session cookies, an attacker could potentially hijack the administrative session of the router, gaining unauthorized access to the device's management interface. This could lead to unauthorized configuration changes, network eavesdropping, or further compromise of connected devices.

The vulnerability is classified under CWE-614 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute) and CWE-1004 (Sensitive Cookie Without 'HttpOnly' Flag), reflecting the misconfiguration of both cookie attributes. The CVSS v4.0 score of 8.7 (high severity) reflects the vulnerability's network attack vector, low complexity, no required privileges or user interaction, and high impact on confidentiality. Although no known exploits are currently reported in the wild, the vulnerability presents a significant risk due to the ease of exploitation and the sensitive nature of router management interfaces. No patches have been linked yet, indicating that affected users should apply mitigations promptly once available.

Potential Impact

For European organizations, this vulnerability poses a substantial risk, especially for enterprises and service providers relying on Digisol DG-GR6821AC routers for network connectivity. Compromise of router management sessions can lead to unauthorized changes in network configurations, potentially disrupting business operations or enabling further lateral movement within corporate networks. Confidential information passing through the router could be exposed or manipulated, undermining data integrity and privacy compliance obligations under regulations such as GDPR. Small and medium-sized enterprises (SMEs) that may not have dedicated security teams are particularly vulnerable, as they might not detect or respond to such intrusions promptly. Additionally, critical infrastructure sectors using these routers could face operational disruptions or espionage risks. The vulnerability's exploitation does not require authentication or user interaction, increasing the likelihood of automated attacks targeting exposed devices. Given the router's role as a network edge device, successful exploitation could also facilitate broader attacks against connected endpoints, amplifying the impact on organizational security posture.

Mitigation Recommendations

To mitigate this vulnerability effectively, European organizations should:

1) Immediately verify if their network infrastructure includes Digisol DG-GR6821AC routers running affected firmware versions (V3.2.XX).
2) Restrict access to the router's web management interface to trusted internal networks only, using network segmentation and firewall rules to block external or untrusted access.
3) Enforce HTTPS-only access to the router interface by configuring the device to disable HTTP management or by placing it behind a secure reverse proxy that enforces TLS.
4) Monitor network traffic for signs of session cookie interception or unusual administrative access patterns.
5) Regularly update router firmware and subscribe to vendor security advisories to apply patches promptly once released.
6) Implement network-level protections such as VPNs for remote management to prevent exposure of management interfaces over insecure channels.
7) Educate IT staff on the risks of insecure cookie attributes and the importance of secure session management.

These steps go beyond generic advice by focusing on access control, network architecture adjustments, and proactive monitoring tailored to the specific vulnerability context.


Technical Details

Data Version: 5.1
Assigner Short Name: CERT-In
Date Reserved: 2025-07-09T11:17:31.820Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6877910aa83201eaacda58f5

Added to database: 7/16/2025, 11:46:18 AM

Last enriched: 7/16/2025, 12:01:12 PM

Last updated: 8/23/2025, 10:24:27 PM
