Main Vulnerability Database SB2023060920

SB2023060920 - Information disclosure in ASUS Routers

Published: June 9, 2023 Updated: June 20, 2023

Security Bulletin ID SB2023060920

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute (CVE-ID: CVE-2023-31195)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the affected application uses sensitive cookies without "Secure" attribute. A remote attacker can perform a man-in-the-middle attack and gain access to sensitive cookies.

Remediation

Install update from vendor's website.

References

Vulnerable Software

RT-AX3000: before 3.0.0.4.388.23403
GT6: before 3.0.0.4.388.23145
GT-AXE16000: before 3.0.0.4.388.23012
GT-AXE11000 PRO: before 3.0.0.4.388.23285
GT-AXE11000: before 3.0.0.4.388.23482
GT-AX6000: before 3.0.0.4.388.23285
GT-AX11000: before 3.0.0.4.388.23285
GS-AX5400: before 3.0.0.4.388.23012
GS-AX3000: before 1.4.8.3
ZenWiFi XT9: before 3.0.0.4.388.23285
ZenWiFi XT8: before 3.0.0.4.388.23285
ZenWiFi XT8_V2: before 3.0.0.4.388.23285
RT-AX86U PRO: before 3.0.0.4.388.23285
RT-AX86U: before 3.0.0.4.388.23285
RT-AX86S: before 3.0.0.4.388.23285
RT-AX82U: before 3.0.0.4.388.23285
RT-AX58U: before 3.0.0.4.388.23403
TUF-AX6000: before 3.0.0.4.388.31927
TUF-AX5400: before 3.0.0.4.388.23285

SB2023060920 - Information disclosure in ASUS Routers

Breakdown by Severity

Description

Remediation

References

Please verify you're human