CVE-2025-53757: CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in Digisol XPON ONU Wi-Fi Router (DG-GR6821AC)
This vulnerability exists in Digisol DG-GR6821AC Router due to misconfiguration of both Secure and HttpOnly flags on session cookies associated with the router web interface. A remote attacker could exploit this vulnerability by capturing the session cookies transmitted over an unsecured HTTP connection. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information from the targeted device.
AI Analysis
Technical Summary
CVE-2025-53757 is a high-severity vulnerability affecting the Digisol XPON ONU Wi-Fi Router model DG-GR6821AC, specifically version V3.2.XX. The root cause is the improper configuration of the session cookies used by the router's web interface. The affected cookies lack the 'Secure' attribute, which tells the browser to send a cookie only over encrypted HTTPS connections. The HttpOnly flag is also misconfigured or absent, which increases the risk of client-side script access to these cookies. Because the router's web interface transmits session cookies over unencrypted HTTP connections, a remote attacker can intercept them through network traffic monitoring or a man-in-the-middle (MITM) attack. With a captured session cookie, an attacker could potentially hijack the administrative session of the router and gain unauthorized access to the device's management interface. This could lead to unauthorized configuration changes, network eavesdropping, or further compromise of connected devices. The vulnerability is classified under CWE-614 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute) and CWE-1004 (Sensitive Cookie Without 'HttpOnly' Flag), which correspond to the two cookie-attribute misconfigurations described above. The CVSS v4.0 score of 8.7 (high severity) reflects the vulnerability's network attack vector, low complexity, no required privileges or user interaction, and high impact on confidentiality. Although no known exploits are currently reported in the wild, the vulnerability presents a significant risk due to the ease of exploitation and the sensitive nature of router management interfaces. No patches have been linked yet, so affected users should apply the mitigations below and install a fix promptly once one is available.
Potential Impact
For European organizations, this vulnerability poses a substantial risk, especially for enterprises and service providers relying on Digisol DG-GR6821AC routers for network connectivity. Compromise of router management sessions can lead to unauthorized changes in network configurations, potentially disrupting business operations or enabling further lateral movement within corporate networks. Confidential information passing through the router could be exposed or manipulated, undermining data integrity and privacy compliance obligations under regulations such as GDPR. Small and medium-sized enterprises (SMEs) that may not have dedicated security teams are particularly vulnerable, as they might not detect or respond to such intrusions promptly. Additionally, critical infrastructure sectors using these routers could face operational disruptions or espionage risks. The vulnerability's exploitation does not require authentication or user interaction, increasing the likelihood of automated attacks targeting exposed devices. Given the router's role as a network edge device, successful exploitation could also facilitate broader attacks against connected endpoints, amplifying the impact on organizational security posture.
Mitigation Recommendations
To mitigate this vulnerability effectively, European organizations should:
1) Immediately verify if their network infrastructure includes Digisol DG-GR6821AC routers running affected firmware versions (V3.2.XX).
2) Restrict access to the router's web management interface to trusted internal networks only, using network segmentation and firewall rules to block external or untrusted access.
3) Enforce HTTPS-only access to the router interface by configuring the device to disable HTTP management or by placing it behind a secure reverse proxy that enforces TLS.
4) Monitor network traffic for signs of session cookie interception or unusual administrative access patterns.
5) Regularly update router firmware and subscribe to vendor security advisories to apply patches promptly once released.
6) Implement network-level protections such as VPNs for remote management to prevent exposure of management interfaces over insecure channels.
7) Educate IT staff on the risks of insecure cookie attributes and the importance of secure session management.
These steps go beyond generic advice by focusing on access control, network architecture adjustments, and proactive monitoring tailored to the specific vulnerability context.
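To check whether a management interface (or a reverse proxy placed in front of it) still issues session cookies without the two attributes, the Set-Cookie headers of a captured response can be audited as in the following added example, which is not code from the advisory or the vendor. The sample response, cookie names and values are constructed, and the function names are hypothetical.

```python
# Added example: audit Set-Cookie headers for the attributes named in
# CWE-614 (Secure) and CWE-1004 (HttpOnly). The sample response is constructed.

SAMPLE_RESPONSE = (  # constructed; cookie names and values are hypothetical
    "HTTP/1.1 200 OK\r\n"
    "Server: httpd\r\n"
    "Set-Cookie: sessionid=3f9a1c; Path=/\r\n"
    "Set-Cookie: lang=secure-en; path=/; HTTPONLY\r\n"
    "Set-Cookie: csrf=ab12; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)


def parse_set_cookies(raw_response):
    """Return [(cookie_name, {lowercased attribute names})] from a raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    cookies = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].partition("=")[0].strip()
        # Attributes are case-insensitive and follow the first name=value pair,
        # so a value such as "secure-en" is never mistaken for the Secure flag.
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
        cookies.append((cookie_name, attrs))
    return cookies


def audit_cookies(raw_response, over_tls):
    """Map each cookie name to its findings; cookies with no findings are omitted."""
    findings = {}
    for cookie_name, attrs in parse_set_cookies(raw_response):
        issues = []
        if "secure" not in attrs:
            issues.append("missing Secure (CWE-614)")
        if "httponly" not in attrs:
            issues.append("missing HttpOnly (CWE-1004)")
        if not over_tls:
            issues.append("set over cleartext HTTP")
        if issues:
            findings[cookie_name] = issues
    return findings


if __name__ == "__main__":
    for cookie, issues in audit_cookies(SAMPLE_RESPONSE, over_tls=True).items():
        print(f"{cookie}: {', '.join(issues)}")
```

Pass `over_tls=False` when the response was captured from the plain-HTTP listener; every cookie issued there is reported, since it crossed the network unencrypted regardless of its attributes.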
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: CERT-In
- Date Reserved: 2025-07-09T11:17:31.820Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 6877910aa83201eaacda58f5
Added to database: 7/16/2025, 11:46:18 AM
Last enriched: 7/16/2025, 12:01:12 PM
Last updated: 8/23/2025, 10:24:27 PM