7.8

CVE-2021-41436

An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet.

Data is provided by the National Vulnerability Database (NVD)
AsusGt-ax11000 Firmware Version < 3.0.0.4.386.45898
   AsusGt-ax11000 Version-
AsusRt-ax3000 Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax3000 Version-
AsusRt-ax55 Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax55 Version-
AsusRt-ax56u Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax56u Version-
AsusRt-ax56u V2 Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax56u V2 Version-
AsusRt-ax58u Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax58u Version-
AsusRt-ax82u Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax82u Version-
AsusRt-ax82u Gundam Edition Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax82u Gundam Edition Version-
AsusRt-ax82u Gundam Edition Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax82u Gundam Edition Version-
AsusRt-ax86u Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax86u Version-
AsusRt-ax86s Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax86s Version-
AsusRt-ax86u Zaku Ii Edition Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax86u Zaku Ii Edition Version-
AsusRt-ax88u Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax88u Version-
AsusRt-ax92u Firmware Version < 3.0.0.4.386.45898
   AsusRt-ax92u Version-
AsusTuf Gaming Ax3000 Firmware Version < 3.0.0.4.386.45898
   AsusTuf Gaming Ax3000 Version-
AsusTuf-ax5400 Firmware Version < 3.0.0.4.386.45898
   AsusTuf-ax5400 Version-
AsusZenwifi Xd6 Firmware Version < 3.0.0.4.386.45898
   AsusZenwifi Xd6 Version-
AsusZenwifi Ax (xt8) Firmware Version < 3.0.0.4.386.45898
   AsusZenwifi Ax (xt8) Version-
AsusRt-ax68u Firmware Version < 3.0.0.4.386.45911
   AsusRt-ax68u Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 4.58% 0.888
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

http://asus.com
Vendor Advisory