Insecure Cookie Handling in CP Plus Router by CP Plus
CVE-2025-0479

8.6HIGH

Key Information:

Vendor: Cp Plus
Status: Cp-xr-de21-s Router
Vendor: CVE Published:; 20 January 2025

What is CVE-2025-0479?

The vulnerability in the CP Plus Router arises from improper handling of cookie flags within its web interface. A remote attacker can exploit this weakness by intercepting data during an HTTP session, potentially gaining access to sensitive information and compromising the integrity of the affected system.

Affected Version(s)

CP-XR-DE21-S Router DE21_S_india_hx806_1.057.043_0023

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOT...

third-party-advisory

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 20, 2025
Vulnerability Reserved
Jan 15, 2025

Credit

This vulnerability is reported by Shravan Singh and Karan Patel from Redfox Cyber Security

CVE-2025-0479 Data

JSON

Cp Plus

What is CVE-2025-0479?

Affected Version(s)

References

CVSS V4

Timeline

Credit