CVE-2021-37189
Summary
| CVE | CVE-2021-37189 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-12-10 13:15:00 UTC |
| Updated | 2021-12-14 17:18:00 UTC |
| Description | An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session. |
Risk And Classification
Problem Types: CWE-311
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Digi | Transport Wr11 | - | All | All | All |
| Operating System | Digi | Transport Wr11 Firmware | All | All | All | All |
| Hardware | Digi | Transport Wr11 Xt | - | All | All | All |
| Operating System | Digi | Transport Wr11 Xt Firmware | All | All | All | All |
| Hardware | Digi | Transport Wr21 | - | All | All | All |
| Operating System | Digi | Transport Wr21 Firmware | All | All | All | All |
| Hardware | Digi | Transport Wr31 | - | All | All | All |
| Operating System | Digi | Transport Wr31 Firmware | All | All | All | All |
| Hardware | Digi | Transport Wr41 | - | All | All | All |
| Operating System | Digi | Transport Wr41 Firmware | All | All | All | All |
| Hardware | Digi | Transport Wr44 | v2 | All | All | All |
| Operating System | Digi | Transport Wr44 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Search | Digi International | MISC | www.digi.com | |
| raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt | MISC | raw.githubusercontent.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.