CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-31195

ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted ('http') connection, the user's session may be hijacked.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.4%

CVSS Severity

CVSS v3 Score 5.3

References

Products affected by CVE-2023-31195

Asus » Rt-Ax3000 » Version: N/A

cpe:2.3:h:asus:rt-ax3000:-
Asus » Rt-Ax3000 Firmware » Version: N/A

cpe:2.3:o:asus:rt-ax3000_firmware:-
Asus » Rt-Ax3000 Firmware » Version: 3.0.0.4.384_10177

cpe:2.3:o:asus:rt-ax3000_firmware:3.0.0.4.384_10177
Asus » Rt-Ax3000 Firmware » Version: 3.0.0.4.386.45898

cpe:2.3:o:asus:rt-ax3000_firmware:3.0.0.4.386.45898
Asus » Rt-Ax3000 Firmware » Version: 3.0.0.4.386.46061

cpe:2.3:o:asus:rt-ax3000_firmware:3.0.0.4.386.46061
Asus » Rt-Ax3000 Firmware » Version: 3.0.0.4.386.47029

cpe:2.3:o:asus:rt-ax3000_firmware:3.0.0.4.386.47029
Asus » Rt-Ax3000 Firmware » Version: 3.0.0.4.386.48631

cpe:2.3:o:asus:rt-ax3000_firmware:3.0.0.4.386.48631
Asus » Rt-Ax3000 Firmware » Version: 3.0.0.4.386.48908

cpe:2.3:o:asus:rt-ax3000_firmware:3.0.0.4.386.48908
Asus » Rt-Ax3000 Firmware » Version: 3.0.0.4.386.49674

cpe:2.3:o:asus:rt-ax3000_firmware:3.0.0.4.386.49674
Asus » Rt-Ax3000 Firmware » Version: 3.0.0.4.388.22237

cpe:2.3:o:asus:rt-ax3000_firmware:3.0.0.4.388.22237
Asus » Rt-Ax3000 Firmware » Version: 3.0.0.4.388.22525

cpe:2.3:o:asus:rt-ax3000_firmware:3.0.0.4.388.22525

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-31195

Products

Pricing

Contact Us