Shungo Kumasaka

Researcher from GMO Cyber Security by IERAE
#22253 of 53,633
10.1 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2023-23221
5.3
2023-06-13
Asus · Asus Router Rt-Ax3000 · CVE-2023-31195
**Name of the Vulnerable Software and Affected Versions**
ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403

**Description**
The issue arises from the use of sensitive cookies without the 'Secure' attribute. This allows an attacker, who can mount a man-in-the-middle attack, to potentially hijack a user's session if the user logs into the affected device through an unencrypted 'http' connection.

**Recommendations**
For ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403, update to version 3.0.0.4.388.23403 or later to resolve the issue. As a temporary workaround, consider restricting access to the device through unencrypted connections to minimize the risk of session hijacking.
PT-2022-22027
4.8
2022-08-16
Hulu · Hulu App For Ios · CVE-2022-34156
**Name of the Vulnerable Software and Affected Versions**
Hulu App for iOS versions prior to 3.0.81

**Description**
The app improperly verifies server certificates, which may allow an attacker to eavesdrop on encrypted communication via a man-in-the-middle attack.

**Recommendations**
For versions prior to 3.0.81, update to version 3.0.81 or later to resolve the issue.