← Back to CVEs
CVE-2021-41435
CRITICAL9.8
Description
A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published11/19/2021
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
asus:gt-ax11000asus:gt-ax11000_firmwareasus:rt-ax3000asus:rt-ax3000_firmwareasus:rt-ax55asus:rt-ax55_firmwareasus:rt-ax56uasus:rt-ax56u_firmwareasus:rt-ax56u_v2asus:rt-ax56u_v2_firmwareasus:rt-ax58uasus:rt-ax58u_firmwareasus:rt-ax68uasus:rt-ax68u_firmwareasus:rt-ax82uasus:rt-ax82u_firmwareasus:rt-ax82u_gundam_editionasus:rt-ax82u_gundam_edition_firmwareasus:rt-ax86sasus:rt-ax86s_firmwareasus:rt-ax86uasus:rt-ax86u_firmwareasus:rt-ax86u_zaku_ii_editionasus:rt-ax86u_zaku_ii_edition_firmwareasus:rt-ax88uasus:rt-ax88u_firmwareasus:rt-ax92uasus:rt-ax92u_firmwareasus:tuf-ax5400asus:tuf-ax5400_firmwareasus:tuf_gaming_ax3000asus:tuf_gaming_ax3000_firmwareasus:zenwifi_ax_\(xt8\)asus:zenwifi_ax_\(xt8\)_firmwareasus:zenwifi_xd6asus:zenwifi_xd6_firmware
Weaknesses (CWE)
CWE-307
References
http://asus.com(cve@mitre.org)
https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/(cve@mitre.org)
https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/(cve@mitre.org)
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/(cve@mitre.org)
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/(cve@mitre.org)
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX68U/HelpDesk_BIOS/(cve@mitre.org)
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpDesk_BIOS/(cve@mitre.org)
http://asus.com(af854a3a-2127-422b-91ae-364da2661108)
https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios(af854a3a-2127-422b-91ae-364da2661108)
https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/(af854a3a-2127-422b-91ae-364da2661108)
https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/(af854a3a-2127-422b-91ae-364da2661108)
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/(af854a3a-2127-422b-91ae-364da2661108)
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/(af854a3a-2127-422b-91ae-364da2661108)
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX68U/HelpDesk_BIOS/(af854a3a-2127-422b-91ae-364da2661108)
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpDesk_BIOS/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.