Lucene search

[email protected]CVE-2023-31195

HistoryJun 13, 2023 - 10:15 a.m.

CVE-2023-31195

2023-06-1310:15:10

CWE-319

[email protected]

web.nvd.nist.gov

cve-2023-31195

asus

router

rt-ax3000

firmware

security

vulnerability

nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

35.9%

JSON

ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without ‘Secure’ attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted (‘http’) connection, the user’s session may be hijacked.

CPENameOperatorVersion
asus:rt-ax3000_firmwareasus rt-ax3000 firmwarelt3.0.0.4.388.23403
asus:rt-ax3000_firmwareasus rt-ax3000 firmwareeq3.0.0.4.386.45898
asus:rt-ax3000_firmwareasus rt-ax3000 firmwareeq3.0.0.4.386.46061
asus:rt-ax3000_firmwareasus rt-ax3000 firmwareeq3.0.0.4.388.22237
asus:rt-ax3000_firmwareasus rt-ax3000 firmwareeq3.0.0.4.386.49674
asus:rt-ax3000_firmwareasus rt-ax3000 firmwareeq3.0.0.4.386.48908
asus:rt-ax3000_firmwareasus rt-ax3000 firmwareeq3.0.0.4.386.48631
asus:rt-ax3000_firmwareasus rt-ax3000 firmwareeq3.0.0.4.384_10177
asus:rt-ax3000_firmwareasus rt-ax3000 firmwareeq-
asus:rt-ax3000_firmwareasus rt-ax3000 firmwareeq3.0.0.4.386.47029

CPE	Name	Operator	Version
asus:rt-ax3000_firmware	asus rt-ax3000 firmware	lt	3.0.0.4.388.23403
asus:rt-ax3000_firmware	asus rt-ax3000 firmware	eq	3.0.0.4.386.45898
asus:rt-ax3000_firmware	asus rt-ax3000 firmware	eq	3.0.0.4.386.46061
asus:rt-ax3000_firmware	asus rt-ax3000 firmware	eq	3.0.0.4.388.22237
asus:rt-ax3000_firmware	asus rt-ax3000 firmware	eq	3.0.0.4.386.49674
asus:rt-ax3000_firmware	asus rt-ax3000 firmware	eq	3.0.0.4.386.48908
asus:rt-ax3000_firmware	asus rt-ax3000 firmware	eq	3.0.0.4.386.48631
asus:rt-ax3000_firmware	asus rt-ax3000 firmware	eq	3.0.0.4.384_10177
asus:rt-ax3000_firmware	asus rt-ax3000 firmware	eq	-
asus:rt-ax3000_firmware	asus rt-ax3000 firmware	eq	3.0.0.4.386.47029

Rows per page:

1-10 of 111

References

jvn.jp/en/jp/JVN34232595/

www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax3000/helpdesk_bios/?model2Name=RT-AX3000

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

35.9%

JSON

Related for CVE-2023-31195

jvn1 prion1 malwarebytes1 thn1