Vulnerability Description
ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted ('http') connection, the user's session may be hijacked.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Asus | Rt-Ax3000 Firmware | < 3.0.0.4.388.23403 |
| Asus | Rt-Ax3000 | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN34232595/Third Party Advisory
- https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-axProduct
- https://jvn.jp/en/jp/JVN34232595/Third Party Advisory
- https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-axProduct
FAQ
What is CVE-2023-31195?
CVE-2023-31195 is a vulnerability with a CVSS score of 5.3 (MEDIUM). ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, ...
How severe is CVE-2023-31195?
CVE-2023-31195 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-31195?
Check the references section above for vendor advisories and patch information. Affected products include: Asus Rt-Ax3000 Firmware, Asus Rt-Ax3000.