Vulnerability Description
An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session.
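An added example, not taken from the advisory or from Digi: a check for the condition described above, run over the Set-Cookie headers of an HTTPS response. The header block and cookie names are constructed sample data, not values captured from a TransPort device.

```python
# Constructed sample: response headers as they might be captured from an HTTPS session.
SAMPLE_RESPONSE_HEADERS = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: SID=abc123; Path=/; HttpOnly
Set-Cookie: csrf=9f2c; Path=/; HttpOnly; SECURE
Set-Cookie: pref=Secure; Path=/
Set-Cookie: secure=1; Path=/
set-cookie: lang=en; path=/; secure
"""


def set_cookie_values(raw_headers):
    """Return the value of every Set-Cookie header (header names are case-insensitive)."""
    values = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "set-cookie":
            values.append(value.strip())
    return values


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie_name, attrs); attribute names are lower-cased."""
    parts = value.split(";")
    cookie_name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:  # everything after the first ';' is an attribute
        key, _, val = part.strip().partition("=")
        if key:
            attrs[key.lower()] = val.strip()
    return cookie_name, attrs


def cookies_missing_secure(raw_headers):
    """Names of cookies set without the Secure attribute.

    Only the attribute list is inspected, so a cookie named "secure" or a
    value containing the word "Secure" is not mistaken for the attribute,
    which a plain substring search on the header would do.
    """
    missing = []
    for value in set_cookie_values(raw_headers):
        cookie_name, attrs = parse_set_cookie(value)
        if cookie_name and "secure" not in attrs:
            missing.append(cookie_name)
    return missing


if __name__ == "__main__":
    print(cookies_missing_secure(SAMPLE_RESPONSE_HEADERS))
```

Any session or authentication cookie in the returned list can be sent by the user agent over plain HTTP to the same host.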
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Digi | Transport Wr11 Firmware | < 6.0.0.0 |
| Digi | Transport Wr11 | - |
| Digi | Transport Wr11 Xt Firmware | < 6.0.0.0 |
| Digi | Transport Wr11 Xt | - |
| Digi | Transport Wr21 Firmware | < 6.0.0.0 |
| Digi | Transport Wr21 | - |
| Digi | Transport Wr31 Firmware | < 6.0.0.0 |
| Digi | Transport Wr31 | - |
| Digi | Transport Wr41 Firmware | < 6.0.0.0 |
| Digi | Transport Wr41 | - |
| Digi | Transport Wr44 Firmware | < 6.0.0.0 |
| Digi | Transport Wr44 | v2 |
References
- https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt (Third Party Advisory)
- https://www.digi.com/search/results?q=transport (Vendor Advisory)
FAQ
What is CVE-2021-37189?
CVE-2021-37189 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those...
How severe is CVE-2021-37189?
CVE-2021-37189 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-37189?
Check the references section above for vendor advisories and patch information. Affected products include: Digi Transport Wr11 Firmware, Digi Transport Wr11, Digi Transport Wr11 Xt Firmware, Digi Transport Wr11 Xt, Digi Transport Wr21 Firmware.