10

CVE-2021-41435

EPSS 1.85%
Published 19.11.2021 12:15:09
Last modified 21.11.2024 06:26:14
Source cve@mitre.org
Teams watchlist Login
Open Login

A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.

Affected products Warnungen 0 Metrics 3 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Asus ≫ Gt-ax11000 Firmware Version < 3.0.0.4.386.45898

Asus ≫ Gt-ax11000 Version-

Asus ≫ Rt-ax3000 Firmware Version < 3.0.0.4.386.45898

Asus ≫ Rt-ax3000 Version-

Asus ≫ Rt-ax55 Firmware Version < 3.0.0.4.386.45898

Asus ≫ Rt-ax55 Version-

Asus ≫ Rt-ax56u Firmware Version < 3.0.0.4.386.45898

Asus ≫ Rt-ax56u Version-

Asus ≫ Rt-ax56u V2 Firmware Version < 3.0.0.4.386.45898

Asus ≫ Rt-ax56u V2 Version-

Asus ≫ Rt-ax58u Firmware Version < 3.0.0.4.386.45898

Asus ≫ Rt-ax58u Version-

Asus ≫ Rt-ax82u Firmware Version < 3.0.0.4.386.45898

Asus ≫ Rt-ax82u Version-

Asus ≫ Rt-ax82u Gundam Edition Firmware Version < 3.0.0.4.386.45898

Asus ≫ Rt-ax82u Gundam Edition Version-

Asus ≫ Rt-ax82u Gundam Edition Firmware Version < 3.0.0.4.386.45898

Asus ≫ Rt-ax82u Gundam Edition Version-

Asus ≫ Rt-ax86u Firmware Version < 3.0.0.4.386.45898

Asus ≫ Rt-ax86u Version-

Asus ≫ Rt-ax86s Firmware Version < 3.0.0.4.386.45898

Asus ≫ Rt-ax86s Version-

Asus ≫ Rt-ax86u Zaku Ii Edition Firmware Version < 3.0.0.4.386.45898

Asus ≫ Rt-ax86u Zaku Ii Edition Version-

Asus ≫ Rt-ax88u Firmware Version < 3.0.0.4.386.45898

Asus ≫ Rt-ax88u Version-

Asus ≫ Rt-ax92u Firmware Version < 3.0.0.4.386.45898

Asus ≫ Rt-ax92u Version-

Asus ≫ Tuf Gaming Ax3000 Firmware Version < 3.0.0.4.386.45898

Asus ≫ Tuf Gaming Ax3000 Version-

Asus ≫ Tuf-ax5400 Firmware Version < 3.0.0.4.386.45898

Asus ≫ Tuf-ax5400 Version-

Asus ≫ Zenwifi Xd6 Firmware Version < 3.0.0.4.386.45898

Asus ≫ Zenwifi Xd6 Version-

Asus ≫ Zenwifi Ax (xt8) Firmware Version < 3.0.0.4.386.45898

Asus ≫ Zenwifi Ax (xt8) Version-

Asus ≫ Rt-ax68u Firmware Version < 3.0.0.4.386.45911

Asus ≫ Rt-ax68u Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.85%	0.823

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/

Vendor Advisory

Product

http://asus.com

Vendor Advisory

https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios

Vendor Advisory

Product

https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/

Vendor Advisory

Product

https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/

Vendor Advisory

Product

https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/

Vendor Advisory

Product

https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX68U/HelpDesk_BIOS/

Vendor Advisory

Product

https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpDesk_BIOS/

Vendor Advisory

Product

https://nvd.nist.gov/vuln/detail/CVE-2021-41435

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-41435

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-41435

EUVD