Security Advisory

CVE-2023-31195

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-06-13 00:00:00

Last updated 2025-01-03 19:39:32

Assigner jpcert

State PUBLISHED

Description

ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without Secure attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted (http) connection, the users session may be hijacked.

← Browse all CVEs View on cve.org ↗