CP Plus Router Cookie Flag Mismanagement Vulnerability Allowing Session Hijacking
Vulnerability
A vulnerability in the CP Plus CP-XR-DE21-S Router, specifically in firmware version DE21_S_india_hx806_1.057.043_0023, has been identified. This issue arises from the insecure handling of cookie flags in the router's web interface, which could enable a remote attacker to intercept data during an HTTP session. Successful exploitation may lead to the acquisition of sensitive information and compromise the affected system.
Impact
Exploitation of this vulnerability could allow for session hijacking or Man-in-the-Middle attacks on the targeted device, potentially leading to unauthorized access to sensitive information or control over the device.
Remediation
Users are advised to upgrade the CP Plus CP-XR-DE21-S Router to firmware version DE21_S_india_hx806_1.057.043_0027. The firmware update is available on the CP Plus official website.
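One way to confirm after the upgrade that the web interface's cookies carry their protective attributes is to audit the Set-Cookie headers it returns. The following is an added example, not code from CP Plus or from this advisory. The advisory does not name which flags are affected, so checking the standard Secure, HttpOnly and SameSite attributes is an assumption, and the cookie names and header values are constructed samples.

```python
# Added example: audit Set-Cookie headers for missing protective attributes.
# Assumption: the advisory does not say which flags are affected, so the
# standard Secure, HttpOnly and SameSite attributes are all checked.

REQUIRED = ("secure", "httponly", "samesite")

def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs

def audit_cookie(header):
    """Return (cookie name, list of findings) for one Set-Cookie value."""
    name, attrs = parse_set_cookie(header)
    findings = [f"missing {flag}" for flag in REQUIRED if flag not in attrs]
    # Browsers only accept SameSite=None when Secure is also set.
    if attrs.get("samesite", "").lower() == "none" and "secure" not in attrs:
        findings.append("SameSite=None without Secure")
    return name, findings

def audit_response(set_cookie_headers):
    """Map each cookie name to its findings; an empty list means it passes."""
    return dict(audit_cookie(h) for h in set_cookie_headers)

# Constructed sample headers (not captured from the router).
SAMPLE_HEADERS = [
    "SESSIONID=abc123; Path=/",
    "SESSIONID2=def456; Path=/; Secure; HttpOnly; SameSite=Strict",
    "lang=en; Path=/; SameSite=None",
]

if __name__ == "__main__":
    for name, findings in audit_response(SAMPLE_HEADERS).items():
        print(name, "OK" if not findings else ", ".join(findings))
```

Pass it the Set-Cookie values from the login response of a device you administer. The Secure attribute only protects the session when the interface is reached over HTTPS.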
