CVE-2023-31195 Information

Description

ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without ‘Secure’ attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack and a user is tricked to log into the affected device through an unencrypted (‘http’) connection the user’s session may be hijacked.

Reference

https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax3000/helpdesk_bios/?model2Name=RT-AX3000 https://jvn.jp/en/jp/JVN34232595/