CVE-2025-53757 is a high-severity vulnerability affecting the Digisol XPON ONU Wi-Fi Router model DG-GR6821AC, specifically version V3.2.XX. The root cause of this vulnerability lies in the improper configuration of session cookies used by the router's web interface. The affected cookies lack the 'Secure' attribute, which is critical for ensuring that cookies are only transmitted over encrypted HTTPS connections. Additionally, the HttpOnly flag is also misconfigured or absent, increasing the risk of client-side script access to these cookies. Because the router's web interface transmits session cookies over unencrypted HTTP connections, a remote attacker can intercept these cookies via network traffic monitoring or man-in-the-middle (MITM) attacks. By capturing these sensitive session cookies, an attacker could potentially hijack the administrative session of the router, gaining unauthorized access to the device's management interface. This could lead to unauthorized configuration changes, network eavesdropping, or further compromise of connected devices. The vulnerability is classified under CWE-614 (Sensitive Cookie Without 'Secure' Attribute) and CWE-1004 (Improper Control of Generation of Code), highlighting the security misconfiguration and potential for code-related exploitation. The CVSS v4.0 score of 8.7 (high severity) reflects the vulnerability's network attack vector, low complexity, no required privileges or user interaction, and high impact on confidentiality. Although no known exploits are currently reported in the wild, the vulnerability presents a significant risk due to the ease of exploitation and the sensitive nature of router management interfaces. No patches have been linked yet, indicating that affected users should apply mitigations promptly once available.

For European organizations, this vulnerability poses a substantial risk, especially for enterprises and service providers relying on Digisol DG-GR6821AC routers for network connectivity. Compromise of router management sessions can lead to unauthorized changes in network configurations, potentially disrupting business operations or enabling further lateral movement within corporate networks. Confidential information passing through the router could be exposed or manipulated, undermining data integrity and privacy compliance obligations under regulations such as GDPR. Small and medium-sized enterprises (SMEs) that may not have dedicated security teams are particularly vulnerable, as they might not detect or respond to such intrusions promptly. Additionally, critical infrastructure sectors using these routers could face operational disruptions or espionage risks. The vulnerability's exploitation does not require authentication or user interaction, increasing the likelihood of automated attacks targeting exposed devices. Given the router's role as a network edge device, successful exploitation could also facilitate broader attacks against connected endpoints, amplifying the impact on organizational security posture.

To mitigate this vulnerability effectively, European organizations should: 1) Immediately verify if their network infrastructure includes Digisol DG-GR6821AC routers running affected firmware versions (V3.2.XX). 2) Restrict access to the router's web management interface to trusted internal networks only, using network segmentation and firewall rules to block external or untrusted access. 3) Enforce HTTPS-only access to the router interface by configuring the device to disable HTTP management or by placing it behind a secure reverse proxy that enforces TLS. 4) Monitor network traffic for signs of session cookie interception or unusual administrative access patterns. 5) Regularly update router firmware and subscribe to vendor security advisories to apply patches promptly once released. 6) Implement network-level protections such as VPNs for remote management to prevent exposure of management interfaces over insecure channels. 7) Educate IT staff on the risks of insecure cookie attributes and the importance of secure session management. These steps go beyond generic advice by focusing on access control, network architecture adjustments, and proactive monitoring tailored to the specific vulnerability context.