CVE-2023-31195

2023-06-1310:15:10

CWE-319

jpcert

web.nvd.nist.gov

cve-2023-31195

asus

router

rt-ax3000

firmware

security

vulnerability

nvd

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

48.1%

JSON

ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without ‘Secure’ attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted (‘http’) connection, the user’s session may be hijacked.

Affected configurations

Nvd

Vulners

Node

asusrt-ax3000Match-

AND

asusrt-ax3000_firmwareRange<3.0.0.4.388.23403

VendorProductVersionCPE
asusrt-ax3000-cpe:2.3:h:asus:rt-ax3000:-:*:*:*:*:*:*:*
asusrt-ax3000_firmware*cpe:2.3:o:asus:rt-ax3000_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
asus	rt-ax3000	-	cpe:2.3:h:asus:rt-ax3000:-:::::::*
asus	rt-ax3000_firmware	*	cpe:2.3:o:asus:rt-ax3000_firmware::::::::

CNA Affected

[
  {
    "vendor": "ASUSTeK COMPUTER INC.",
    "product": "ASUS Router RT-AX3000",
    "versions": [
      {
        "version": "Firmware versions prior to 3.0.0.4.388.23403",
        "status": "affected"
      }
    ]
  }
]