10

CVE-2021-41435

A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AsusGt-ax11000 Firmware Version < 3.0.0.4.386.45898
   AsusGt-ax11000 Version-
AsusRt-ax3000 Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax3000 Version-
AsusRt-ax55 Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax55 Version-
AsusRt-ax56u Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax56u Version-
AsusRt-ax56u V2 Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax56u V2 Version-
AsusRt-ax58u Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax58u Version-
AsusRt-ax82u Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax82u Version-
AsusRt-ax82u Gundam Edition Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax82u Gundam Edition Version-
AsusRt-ax82u Gundam Edition Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax82u Gundam Edition Version-
AsusRt-ax86u Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax86u Version-
AsusRt-ax86s Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax86s Version-
AsusRt-ax86u Zaku Ii Edition Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax86u Zaku Ii Edition Version-
AsusRt-ax88u Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax88u Version-
AsusRt-ax92u Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax92u Version-
AsusTuf Gaming Ax3000 Firmware Version < 3.0.0.4.386.45898
   AsusTuf Gaming Ax3000 Version-
AsusTuf-ax5400 Firmware Version < 3.0.0.4.386.45898
   AsusTuf-ax5400 Version-
AsusZenwifi Xd6 Firmware Version < 3.0.0.4.386.45898
   AsusZenwifi Xd6 Version-
AsusRt-ax68u Firmware Version < 3.0.0.4.386.45911
   AsusRt-ax68u Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.99% 0.924
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios
Vendor Advisory
Product
https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/
Vendor Advisory
Product
https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/
Vendor Advisory
Product
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/
Vendor Advisory
Product
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/
Vendor Advisory
Product
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX68U/HelpDesk_BIOS/
Vendor Advisory
Product
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpDesk_BIOS/
Vendor Advisory
Product