PT-2021-11266 · Skyworth · Skyworth Gn542Vf

Jiraput Thamsongkrah · Published 2021-01-14 · Updated 2024-08-16 · CVE-2020-26732

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions:
SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16
SKYWORTH GN542VF Boa version 0.94.13
Description: The session cookie issued in an HTTPS session does not have the Secure flag set, so the browser will also send it over unencrypted HTTP, making it easier for remote attackers to capture the cookie by intercepting its transmission within an HTTP session.
Recommendations: For SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16, consider updating the software to a version that sets the Secure flag for the session cookie. For SKYWORTH GN542VF Boa version 0.94.13, consider updating the Boa version to one that properly sets the Secure flag for the session cookie. As a temporary workaround, consider restricting access to sensitive information transmitted over HTTP sessions until the issue is resolved.
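
One way to verify the condition described above, or to confirm a fix after a firmware update, is to audit the `Set-Cookie` headers of the device's HTTPS response. This is an added example, not code from the advisory or the vendor; the cookie names and header dumps are constructed samples.

```python
from dataclasses import dataclass


@dataclass
class CookieFlags:
    name: str
    secure: bool
    httponly: bool


def parse_set_cookie(value: str) -> CookieFlags:
    """Parse one Set-Cookie header value into its name and security flags."""
    parts = value.split(";")
    # The first part is name=value; everything after it is an attribute.
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive. Matching whole attribute names
    # avoids false hits on cookies whose own name or value contains "secure".
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return CookieFlags(name, "secure" in attrs, "httponly" in attrs)


def cookies_missing_secure(raw_headers: str) -> list[str]:
    """Return the names of cookies set without the Secure attribute."""
    missing = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "set-cookie":
            cookie = parse_set_cookie(value)
            if not cookie.secure:
                missing.append(cookie.name)
    return missing


# Constructed response headers showing the reported condition.
SAMPLE_VULNERABLE = """HTTP/1.1 200 OK
Server: Boa/0.94.13
Set-Cookie: SESSIONID=3f9a1c; path=/
Set-Cookie: secure_pref=1; Path=/; HttpOnly
"""

# Constructed response headers as they should look once the flag is set.
SAMPLE_FIXED = """HTTP/1.1 200 OK
Set-Cookie: SESSIONID=3f9a1c; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT; SECURE; HttpOnly
"""

if __name__ == "__main__":
    print("missing Secure:", cookies_missing_secure(SAMPLE_VULNERABLE))
    print("missing Secure:", cookies_missing_secure(SAMPLE_FIXED))
```
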

Exploit

Fix

Weakness Enumeration: Missing Encryption of Sensitive Data

Related Identifiers: CVE-2020-26732

Affected Products: Skyworth Gn542Vf