PT-2023-23221 · Asus · Asus Router Rt-Ax3000

Shungo Kumasaka · Published 2023-06-13 · Updated 2025-01-03 · CVE-2023-31195

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403

Description

The issue arises from the use of sensitive cookies without the 'Secure' attribute. This allows an attacker, who can mount a man-in-the-middle attack, to potentially hijack a user's session if the user logs into the affected device through an unencrypted 'http' connection.

Recommendations

For ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403, update to version 3.0.0.4.388.23403 or later to resolve the issue. As a temporary workaround, consider restricting access to the device through unencrypted connections to minimize the risk of session hijacking.

Fix

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

CVE-2023-31195

Affected Products

Asus Router Rt-Ax3000