CVE-2023-31195
published 2023-06-13CVE-2023-31195: ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. When an attacker is in a position to be…
medium5.3CVSS 3.1
AVNACHPRNUIRSUCHINAN
ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted ('http') connection, the user's session may be hijacked.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asus | rt-ax3000_firmware | < 3.0.0.4.388.23403 | 3.0.0.4.388.23403 |
| asustek_computer_inc | asus_router_rt-ax3000 | — | — |