CVE-2025-0479 HIGH

CVE-2025-0479: Security Misconfiguration Vulnerability in CP Plus Router

Vendor Cp Plus
Product CP-XR-DE21-S Router
Weakness CWE-1004
Published January 20, 2025
Last update January 21, 2025

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

This vulnerability exists in the CP Plus Router due to insecure handling of cookie flags used within its web interface. A remote attacker could exploit this vulnerability by intercepting data transmissions during an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information and compromise the targeted system.

Key dates

02Disclosure timeline

January 20, 2025 CVE published
January 21, 2025 Record updated

Related vulnerabilities

04Related CVE