CVE-2023-31195

MEDIUM

ASUS Router RT-AX3000 Firmware <3.0.0.4.388.23403 - Info Disclosure

Title source: llm

Description

ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted ('http') connection, the user's session may be hijacked.

References (2)

Core 2

Core References

Third Party Advisory

https://jvn.jp/en/jp/JVN34232595/

Product

https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax3000/helpdesk_bios/?model2Name=RT-AX3000

Scores

CVSS v3 5.3

EPSS 0.0004

EPSS Percentile 13.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-319

Status published

Products (1)

asus/rt-ax3000_firmware < 3.0.0.4.388.23403

Published Jun 13, 2023

Tracked Since Feb 18, 2026