CVE-2020-26732 – This vulnerability in SKYWORTH GN542VF routers ... (How to Fix)

Q: What is the severity of CVE-2020-26732?

CVE-2020-26732 has a CVSS score of 7.5 (HIGH). This vulnerability in SKYWORTH GN542VF routers exposes session cookies to interception because the Secure flag is not set on HTTPS cookies. Attackers can capture these cookies during transmission, potentially hijacking user sessions. All users of affected SKYWORTH router hardware and software versions are impacted.

📋 TL;DR

This vulnerability in SKYWORTH GN542VF routers exposes session cookies to interception because the Secure flag is not set on HTTPS cookies. Attackers can capture these cookies during transmission, potentially hijacking user sessions. All users of affected SKYWORTH router hardware and software versions are impacted.

💻 Affected Systems

Products:

SKYWORTH GN542VF

Versions: Hardware Version 2.0 with Software Version 2.0.0.16

Operating Systems: Embedded router OS

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface of the router.

📦 What is this software?

Gn542vf Boa Firmware by Skyworth

View all CVEs affecting Gn542vf Boa Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers intercept session cookies and gain unauthorized access to router admin interface, allowing them to change network settings, intercept traffic, or install malware.

🟠

Likely Case

Session hijacking where attackers capture user sessions to access router management interface or user accounts.

🟢

If Mitigated

Limited impact if network segmentation prevents external access and internal users are trusted.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires man-in-the-middle position to intercept cookies.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Check vendor website for firmware updates.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate router management interface from untrusted networks

Access Restriction

all

Restrict access to router admin interface to trusted IPs only

🧯 If You Can't Patch

Disable remote management of router if not required
Use VPN for all router administration to encrypt traffic

🔍 How to Verify

Check if Vulnerable:

Inspect router web interface cookies using browser developer tools - check if session cookies lack Secure flag

Check Version:

Check router web interface for firmware version information

Verify Fix Applied:

Verify cookies now have Secure flag set when using HTTPS

📡 Detection & Monitoring

Log Indicators:

Multiple failed login attempts from unusual locations
Configuration changes from unexpected IP addresses

Network Indicators:

Unencrypted HTTP traffic containing session cookies
Traffic interception attempts

SIEM Query:

Search for router login events from unexpected IPs or multiple failed authentication attempts

📊 Metadata

CVE ID: CVE-2020-26732

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-311

Published: January 14, 2021

Last Updated: November 21, 2024

🔗 References

https://github.com/swzhouu/CVE-2020-26732 Third Party Advisory
https://github.com/swzhouu/CVE-2020-26732 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-26732, you might also want to check these: