CVE-2025-0479

Summary

This vulnerability exists in the CP Plus Router due to insecure handling of cookie flags used within its web interface. A remote attacker could exploit this vulnerability by intercepting data transmissions during an HTTP session on the vulnerable system.

Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information and compromise the targeted system.

Affected Software

VendorProductVersion RangeStatus
CP PlusCP-XR-DE21-S RouterDE21_S_india_hx806_1.057.043_0023affected

Weaknesses

  • CWE-1004: CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag
  • CWE-614: CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References