CVE-2021-37189
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session.
Se ha detectado un problema en los dispositivos Digi TransPort Gateway versiones hasta 5.2.13.4. No establecen el atributo Secure para las cookies confidenciales en las sesiones HTTPS, lo que podría causar que el agente de usuario enviara esas cookies en texto sin cifrar a través de una sesión HTTP
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-07-21 CVE Reserved
- 2021-12-10 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-25 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-311: Missing Encryption of Sensitive Data
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.digi.com/search/results?q=transport | 2021-12-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Digi Search vendor "Digi" | Transport Wr11 Firmware Search vendor "Digi" for product "Transport Wr11 Firmware" | < 6.0.0.0 Search vendor "Digi" for product "Transport Wr11 Firmware" and version " < 6.0.0.0" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Wr11 Search vendor "Digi" for product "Transport Wr11" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Wr11 Xt Firmware Search vendor "Digi" for product "Transport Wr11 Xt Firmware" | < 6.0.0.0 Search vendor "Digi" for product "Transport Wr11 Xt Firmware" and version " < 6.0.0.0" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Wr11 Xt Search vendor "Digi" for product "Transport Wr11 Xt" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Wr21 Firmware Search vendor "Digi" for product "Transport Wr21 Firmware" | < 6.0.0.0 Search vendor "Digi" for product "Transport Wr21 Firmware" and version " < 6.0.0.0" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Wr21 Search vendor "Digi" for product "Transport Wr21" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Wr31 Firmware Search vendor "Digi" for product "Transport Wr31 Firmware" | < 6.0.0.0 Search vendor "Digi" for product "Transport Wr31 Firmware" and version " < 6.0.0.0" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Wr31 Search vendor "Digi" for product "Transport Wr31" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Wr41 Firmware Search vendor "Digi" for product "Transport Wr41 Firmware" | < 6.0.0.0 Search vendor "Digi" for product "Transport Wr41 Firmware" and version " < 6.0.0.0" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Wr41 Search vendor "Digi" for product "Transport Wr41" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Wr44 Firmware Search vendor "Digi" for product "Transport Wr44 Firmware" | < 6.0.0.0 Search vendor "Digi" for product "Transport Wr44 Firmware" and version " < 6.0.0.0" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Wr44 Search vendor "Digi" for product "Transport Wr44" | v2 Search vendor "Digi" for product "Transport Wr44" and version "v2" | - |
Safe
|