CVE-2021-37189
First published: Fri Dec 10 2021(Updated: )
An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Digi Transport Wr11 Firmware | <6.0.0.0 | |
| Digi Transport Wr11 | ||
| Digi Transport Wr11 Xt Firmware | <6.0.0.0 | |
| Digi Transport Wr11 Xt | ||
| Digi Transport Wr21 Firmware | <6.0.0.0 | |
| Digi TransPort WR21 | ||
| Digi Transport Wr31 Firmware | <6.0.0.0 | |
| Digi Transport Wr31 | ||
| Digi Transport Wr41 Firmware | <6.0.0.0 | |
| Digi Transport Wr41 | ||
| Digi Transport Wr44 Firmware | <6.0.0.0 | |
| Digi Transport Wr44 | =v2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-37189?
CVE-2021-37189 is a vulnerability found on Digi TransPort Gateway devices through 5.2.13.4 where they do not set the Secure attribute for sensitive cookies in HTTPS sessions, potentially compromising the security of user data.
What is the severity of CVE-2021-37189?
The severity of CVE-2021-37189 is high with a CVSS score of 7.5.
How can CVE-2021-37189 be exploited?
CVE-2021-37189 can be exploited by intercepting and reading sensitive cookies sent over an HTTP session, as the Secure attribute is not set.
What is the affected software for CVE-2021-37189?
The affected software for CVE-2021-37189 includes Digi Transport Wr11 Firmware, Digi Transport Wr11 Xt Firmware, Digi Transport Wr21 Firmware, Digi Transport Wr31 Firmware, Digi Transport Wr41 Firmware, and Digi Transport Wr44 Firmware.
How can I mitigate the vulnerability CVE-2021-37189?
To mitigate CVE-2021-37189, it is recommended to update Digi TransPort Gateway devices to version 6.0.0.0 or higher, where the Secure attribute is properly set for sensitive cookies.
- collector/nvd-index
- agent/references
- agent/type
- agent/weakness
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- vendor/digi
- canonical/digi transport wr11 firmware
- canonical/digi transport wr11
- canonical/digi transport wr11 xt firmware
- canonical/digi transport wr11 xt
- canonical/digi transport wr21 firmware
- canonical/digi transport wr21
- canonical/digi transport wr31 firmware
- canonical/digi transport wr31
- canonical/digi transport wr41 firmware
- canonical/digi transport wr41
- canonical/digi transport wr44 firmware
- canonical/digi transport wr44
- version/digi transport wr44/v2