CVE-2023-31195

Summary

ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted ('http') connection, the user's session may be hijacked.

Affected Software

VendorProductVersion RangeStatus
ASUSTeK COMPUTER INC.ASUS Router RT-AX3000Firmware versions prior to 3.0.0.4.388.23403affected

Weaknesses

  • Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References