CVE-2020-26732 PoC — Skyworth Gn542vf Security Vulnerability

Source
Associated Vulnerability
Title: Skyworth Gn542vf Security Vulnerability (CVE-2020-26732)
Description: SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
Description
SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session
Readme
# CVE-2020-26732
SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session
## Description
SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
## Additional Information
Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision. If possible, ensure all communication occurs over an encrypted channel and add the secure attribute to all session cookies or any cookies containing sensitive data.
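The review described above can be automated by parsing the `Set-Cookie` headers of an HTTPS response and listing every cookie that lacks the `Secure` attribute. The following is an added example, not code from this repository or from the vendor; the cookie names and header values are constructed samples, and `with_secure` is a hypothetical helper showing the corrected header.

```python
# Added example: audit Set-Cookie headers from an HTTPS response for a
# missing Secure attribute, and show the corrected header value.
from typing import Dict, List


def parse_set_cookie(header_value: str) -> Dict[str, object]:
    """Split one Set-Cookie value into name, value and a lower-cased attribute map."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def cookies_missing_secure(set_cookie_headers: List[str]) -> List[str]:
    """Return the names of cookies whose Set-Cookie header lacks Secure."""
    missing = []
    for raw in set_cookie_headers:
        cookie = parse_set_cookie(raw)
        # Attribute names are case-insensitive, and only a real attribute
        # counts: the word "secure" in the cookie name or value does not.
        if "secure" not in cookie["attrs"]:
            missing.append(cookie["name"])
    return missing


def with_secure(header_value: str) -> str:
    """Return the header value with Secure appended when it is absent."""
    if "secure" in parse_set_cookie(header_value)["attrs"]:
        return header_value
    return header_value.rstrip("; ") + "; Secure"


# Constructed sample headers (not captured from the device).
SAMPLE_HEADERS = [
    "SESSIONID=3f9a1c; Path=/; HttpOnly",
    "SESSIONID=3f9a1c; Path=/; HttpOnly; Secure",
    "theme=secure; Path=/",
    "csrf=ab12; path=/; SECURE; SameSite=Strict",
]

if __name__ == "__main__":
    for name in cookies_missing_secure(SAMPLE_HEADERS):
        print(f"cookie {name!r} is set over HTTPS without the Secure attribute")
```
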
## VulnerabilityType Other
Web Application Cookies Not Marked Secure
## Vendor of Product
SKYWORTH
## Affected Product Code Base
SKYWORTH GN542VF - Hardware Version 2.0 and Software Version 2.0.0.16
## Affected Component
Web Application Cookies of SKYWORTH GN542VF.
## Attack Type
Local
## Impact Information Disclosure
true
## Attack Vectors
Because the session cookie lacks the Secure flag, it could potentially be stolen by an attacker who can successfully intercept and decrypt the traffic, or through a successful man-in-the-middle attack.
## Discoverer
Jiraput Thamsongkrah
## Proof of Concept
![Alt text](https://github.com/swzhouu/CVE-2020-26732/blob/main/SKYWORTH%20GN542VF%20Hardware%20Version%202.0%20and%20Software%20Version%202.0.0.16%20does%20not%20set%20the%20Secure%20flag%20for%20the%20session%20cookie%20in%20an%20HTTPS%20session.png)
File Snapshot

[4.0K] /data/pocs/10a57e42498549804e284b293d66e4a01fc4cf19
├── [1.5K] README.md
└── [364K] SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session.png

0 directories, 2 files