Vulnerability Details : CVE-2021-41435
A brute-force protection bypass in the CAPTCHA protection of ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series (RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to make an unlimited number of login attempts by sending a specific HTTP request.
Products affected by CVE-2021-41435
- cpe:2.3:o:asus:rt-ax3000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:asus:zenwifi_ax_\(xt8\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:asus:rt-ax55_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:asus:rt-ax56u_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:asus:rt-ax58u_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:asus:rt-ax68u_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:asus:rt-ax82u_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:asus:rt-ax86u_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:asus:rt-ax88u_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:asus:gt-ax11000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:asus:rt-ax56u_v2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:asus:rt-ax82u_gundam_edition_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:asus:rt-ax86s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:asus:rt-ax86u_zaku_ii_edition_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:asus:rt-ax92u_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:asus:tuf_gaming_ax3000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:asus:tuf-ax5400_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:asus:zenwifi_xd6_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-41435
4.92% (probability of exploitation activity in the next 30 days)
~89% percentile (the proportion of vulnerabilities scored at or below this score)
EPSS Score History
CVSS scores for CVE-2021-41435
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
The first row is the CVSS v2.0 assessment (HIGH is the top v2 severity band), the second the CVSS v3.1 assessment; both are network-reachable, low-complexity, unauthenticated, no user interaction, with full confidentiality, integrity and availability impact.
CWE ids for CVE-2021-41435
- The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. (Assigned by: nvd@nist.gov, Primary)
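The CWE text above states the weakness in general terms, and this page does not describe the specific HTTP request that bypasses the ASUS CAPTCHA check. The following Python is an added example, not ASUS firmware code, showing the property a correct fix has to have: the failed-attempt counter and lockout live in server-side state keyed by account and source address, and nothing in the request body (a field claiming a CAPTCHA was solved, an attempt counter, any other client-supplied value) can reset or skip it. The account, password, IP address and the `LoginThrottle`, `handle_login` and `simulate_brute_force` names are constructed for this example.

```python
"""Server-side login throttling: an added illustration of the CWE above.

Not ASUS code. The point is that the limit is enforced purely from server
state, so a crafted request cannot reset or bypass it.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class LoginThrottle:
    """Tracks failed logins per (username, source IP) in server memory only."""
    max_failures: int = 5          # failures allowed before the first lockout
    base_lockout_s: float = 30.0   # first lockout length; doubles per extra failure
    max_lockout_s: float = 3600.0  # cap on lockout length
    _state: dict = field(default_factory=dict)

    @staticmethod
    def _key(username: str, src_ip: str) -> tuple:
        return (username.lower(), src_ip)

    def seconds_locked(self, username: str, src_ip: str, now: float) -> float:
        """0.0 when the pair may attempt a login, else seconds until it may."""
        st = self._state.get(self._key(username, src_ip))
        if st is None:
            return 0.0
        return max(0.0, st["locked_until"] - now)

    def record(self, username: str, src_ip: str, success: bool, now: float) -> None:
        """Update the counter; only the server ever calls this."""
        st = self._state.setdefault(self._key(username, src_ip),
                                    {"failures": 0, "locked_until": 0.0})
        if success:
            st["failures"] = 0
            st["locked_until"] = 0.0
            return
        st["failures"] += 1
        excess = st["failures"] - self.max_failures
        if excess >= 0:
            # exponential backoff: 30 s, 60 s, 120 s, ... capped at max_lockout_s
            st["locked_until"] = now + min(self.base_lockout_s * 2 ** excess,
                                           self.max_lockout_s)


# Iteration count kept low so the example runs quickly; use far more in production.
_PBKDF2_ITERATIONS = 50_000


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _PBKDF2_ITERATIONS)


# Constructed sample account; not a real router credential.
_SALT = os.urandom(16)
CREDENTIALS = {"admin": (_SALT, _hash_password("correct horse battery", _SALT))}


def verify_password(username: str, password: str) -> bool:
    entry = CREDENTIALS.get(username.lower())
    if entry is None:
        _hash_password(password, b"\x00" * 16)  # equalise timing for unknown users
        return False
    salt, expected = entry
    return hmac.compare_digest(_hash_password(password, salt), expected)


def handle_login(throttle: LoginThrottle, src_ip: str, body: dict, now: float) -> dict:
    """Decide a login from server state plus username/password only.

    src_ip must come from the connection, never from the body. Any other
    field the client sends (e.g. a "captcha_passed" flag or an attempt
    counter) is ignored, so it cannot influence the throttle.
    """
    username = str(body.get("username", ""))
    password = str(body.get("password", ""))

    wait = throttle.seconds_locked(username, src_ip, now)
    if wait > 0:
        # Reject before touching the password so a locked pair learns nothing.
        return {"status": 429, "retry_after": round(wait)}

    ok = verify_password(username, password)
    throttle.record(username, src_ip, ok, now)
    return {"status": 200} if ok else {"status": 401}


def simulate_brute_force(extra_fields: Optional[dict] = None) -> list:
    """Five wrong guesses, then the right password from one IP; returns statuses."""
    throttle = LoginThrottle()
    ip = "198.51.100.7"  # constructed attacker address (TEST-NET-2)
    extra = extra_fields or {}
    t = 1_700_000_000.0
    statuses = []
    for guess in ["admin", "password", "123456", "asus", "letmein"]:
        body = {"username": "admin", "password": guess, **extra}
        statuses.append(handle_login(throttle, ip, body, t)["status"])
        t += 1.0
    body = {"username": "admin", "password": "correct horse battery", **extra}
    statuses.append(handle_login(throttle, ip, body, t)["status"])        # still locked
    statuses.append(handle_login(throttle, ip, body, t + 31.0)["status"])  # lock expired
    return statuses


if __name__ == "__main__":
    print(simulate_brute_force())
    print(simulate_brute_force({"captcha_passed": "1", "login_attempts": "0"}))
```

Running it with and without the extra client-supplied fields gives the same sequence: five 401s, a 429 for the correct password while the lockout is active, then a 200 once it expires. A design whose counter can be reset by something in the request, or that is checked only when a client-side CAPTCHA step reports success, fails this test.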
References for CVE-2021-41435
- http://asus.com (ASUS Nederland; Vendor Advisory)
- https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpDesk_BIOS/ (RT-AX55 | WiFi Routers | ASUS Global; Product, Vendor Advisory)
- https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/ (RT-AX3000 | WiFi Routers | ASUS Global; Product, Vendor Advisory)
- https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/ (RT-AX56U | WiFi Routers | ASUS Global; Product, Vendor Advisory)
- https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/ (ASUS ZenWiFi XD6 Series (XD6/XD6S); Product, Vendor Advisory)
- https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/ (ASUS ZenWiFi AX (XT8) | Whole Home Mesh WiFi Systems | ASUS Global; Product, Vendor Advisory)
- https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX68U/HelpDesk_BIOS/ (RT-AX68U | WiFi Routers | ASUS Global; Product, Vendor Advisory)
- https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios (ROG Rapture GT-AX11000 | Gaming Networking | ROG - Republic of Gamers | ROG Global; Product, Vendor Advisory)