Insecure Cookie Handling in ASUS Router RT-AX3000 Firmware

Insecure Cookie Handling in ASUS Router RT-AX3000 Firmware

CVE-2023-31195 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted ('http') connection, the user's session may be hijacked.

Learn more about our User Device Pen Test.