CVE-2023-31195

Published: Jun 13, 2023

Modified: Jan 3, 2025

PUBLISHED

Description

ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted ('http') connection, the user's session may be hijacked.

Vendor	Product	Versions
ASUSTeK COMPUTER INC.	ASUS Router RT-AX3000	affected `Firmware versions prior to 3.0.0.4.388.23403`

References

https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax3000/helpdesk_bios/?model2Name=RT-AX3000

https://jvn.jp/en/jp/JVN34232595/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-31195

Description

Affected Products

References