ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without ‘Secure’ attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted (‘http’) connection, the user’s session may be hijacked.
[
{
"vendor": "ASUSTeK COMPUTER INC.",
"product": "ASUS Router RT-AX3000",
"versions": [
{
"version": "Firmware versions prior to 3.0.0.4.388.23403",
"status": "affected"
}
]
}
]