Vulnerabilites related to asus - rt-ax86s
cve-2021-41435
Vulnerability from cvelistv5
Published
2021-11-19 11:26
Modified
2024-08-04 03:15
Severity ?
EPSS score ?
Summary
A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:27.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://asus.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpDesk_BIOS/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX68U/HelpDesk_BIOS/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-19T11:26:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://asus.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpDesk_BIOS/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX68U/HelpDesk_BIOS/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://asus.com",
"refsource": "MISC",
"url": "http://asus.com"
},
{
"name": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/",
"refsource": "MISC",
"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/"
},
{
"name": "https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios",
"refsource": "MISC",
"url": "https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios"
},
{
"name": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/",
"refsource": "MISC",
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/"
},
{
"name": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpDesk_BIOS/",
"refsource": "MISC",
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpDesk_BIOS/"
},
{
"name": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/",
"refsource": "MISC",
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/"
},
{
"name": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX68U/HelpDesk_BIOS/",
"refsource": "MISC",
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX68U/HelpDesk_BIOS/"
},
{
"name": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/",
"refsource": "MISC",
"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41435",
"datePublished": "2021-11-19T11:26:30",
"dateReserved": "2021-09-20T00:00:00",
"dateUpdated": "2024-08-04T03:15:27.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-41436
Vulnerability from cvelistv5
Published
2021-11-19 11:14
Modified
2024-08-04 03:15
Severity ?
EPSS score ?
Summary
An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:28.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://asus.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpDesk_BIOS/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX68U/HelpDesk_BIOS/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-19T11:14:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://asus.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpDesk_BIOS/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX68U/HelpDesk_BIOS/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://asus.com",
"refsource": "MISC",
"url": "http://asus.com"
},
{
"name": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/",
"refsource": "MISC",
"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/"
},
{
"name": "https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios",
"refsource": "MISC",
"url": "https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios"
},
{
"name": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/",
"refsource": "MISC",
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/"
},
{
"name": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpDesk_BIOS/",
"refsource": "MISC",
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpDesk_BIOS/"
},
{
"name": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/",
"refsource": "MISC",
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/"
},
{
"name": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX68U/HelpDesk_BIOS/",
"refsource": "MISC",
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX68U/HelpDesk_BIOS/"
},
{
"name": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/",
"refsource": "MISC",
"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41436",
"datePublished": "2021-11-19T11:14:09",
"dateReserved": "2021-09-20T00:00:00",
"dateUpdated": "2024-08-04T03:15:28.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202111-1223
Vulnerability from variot
An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet. plural ASUS The product has HTTP There is a vulnerability related to request smuggling.Service operation interruption (DoS) It may be in a state. ASUS routers is a router from ASUS, Taiwan, China.
ASUS routers has a security vulnerability. The vulnerability stems from a problem with the router firmware verifying HTTP data packets. Unauthenticated remote attackers can use this vulnerability to perform denial of service attacks by sending specially crafted HTTP data packets
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202111-1223",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ax3000",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax88u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "tuf gaming ax3000",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax58u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax86s",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "zenwifi ax \\",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax82u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax56u v2",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax92u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax86u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax86u zaku ii edition",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "zenwifi xd6",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax56u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax68u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45911"
},
{
"model": "gt-ax11000",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "tuf-ax5400",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax82u gundam edition",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax55",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax58u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax56u v2",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax82u gundam edition",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax55",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax86u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax3000",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax56u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax82u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax86s",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "gt-ax11000",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "routers",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-99877"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015289"
},
{
"db": "NVD",
"id": "CVE-2021-41436"
}
]
},
"cve": "CVE-2021-41436",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-41436",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-99877",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-41436",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-41436",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-41436",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-41436",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-99877",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-1643",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-41436",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-99877"
},
{
"db": "VULMON",
"id": "CVE-2021-41436"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015289"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1643"
},
{
"db": "NVD",
"id": "CVE-2021-41436"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet. plural ASUS The product has HTTP There is a vulnerability related to request smuggling.Service operation interruption (DoS) It may be in a state. ASUS routers is a router from ASUS, Taiwan, China. \n\r\n\r\nASUS routers has a security vulnerability. The vulnerability stems from a problem with the router firmware verifying HTTP data packets. Unauthenticated remote attackers can use this vulnerability to perform denial of service attacks by sending specially crafted HTTP data packets",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-41436"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015289"
},
{
"db": "CNVD",
"id": "CNVD-2021-99877"
},
{
"db": "VULMON",
"id": "CVE-2021-41436"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-41436",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015289",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-99877",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1643",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-41436",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-99877"
},
{
"db": "VULMON",
"id": "CVE-2021-41436"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015289"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1643"
},
{
"db": "NVD",
"id": "CVE-2021-41436"
}
]
},
"id": "VAR-202111-1223",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-99877"
}
],
"trust": 1.09064731125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-99877"
}
]
},
"last_update_date": "2024-11-23T22:33:00.034000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RT-AX68U ASUS",
"trust": 0.8,
"url": "https://www.asus.com/jp/"
},
{
"title": "Patch for ASUS routers environmental issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/305656"
},
{
"title": "ASUS routers Remediation measures for environmental problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=171131"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/efchatz/easy-exploits "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-99877"
},
{
"db": "VULMON",
"id": "CVE-2021-41436"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015289"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1643"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-444",
"trust": 1.0
},
{
"problemtype": "HTTP Request Smuggling (CWE-444) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015289"
},
{
"db": "NVD",
"id": "CVE-2021-41436"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41436"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax56u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax3000/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/whole-home-mesh-wifi-system/zenwifi-wifi-systems/asus-zenwifi-ax-xt8-/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-routers/all-series/rt-ax55/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "http://asus.com"
},
{
"trust": 1.7,
"url": "https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax68u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/whole-home-mesh-wifi-system/zenwifi-wifi-systems/asus-zenwifi-xd6/helpdesk_bios/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/444.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/efchatz/easy-exploits"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-99877"
},
{
"db": "VULMON",
"id": "CVE-2021-41436"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015289"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1643"
},
{
"db": "NVD",
"id": "CVE-2021-41436"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-99877"
},
{
"db": "VULMON",
"id": "CVE-2021-41436"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015289"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1643"
},
{
"db": "NVD",
"id": "CVE-2021-41436"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-99877"
},
{
"date": "2021-11-19T00:00:00",
"db": "VULMON",
"id": "CVE-2021-41436"
},
{
"date": "2022-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-015289"
},
{
"date": "2021-11-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-1643"
},
{
"date": "2021-11-19T12:15:09.390000",
"db": "NVD",
"id": "CVE-2021-41436"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-99877"
},
{
"date": "2021-11-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-41436"
},
{
"date": "2022-11-15T07:17:00",
"db": "JVNDB",
"id": "JVNDB-2021-015289"
},
{
"date": "2021-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-1643"
},
{
"date": "2024-11-21T06:26:15.047000",
"db": "NVD",
"id": "CVE-2021-41436"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-1643"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0ASUS\u00a0 In the product \u00a0HTTP\u00a0 Request Smuggling Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015289"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "environmental issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-1643"
}
],
"trust": 0.6
}
}
var-202111-1224
Vulnerability from variot
A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request. plural ASUS The product contains an improper restriction of excessive authentication attempts vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202111-1224",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ax3000",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax88u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "tuf gaming ax3000",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax58u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax86s",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "zenwifi ax \\",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax82u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax56u v2",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax92u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax86u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax86u zaku ii edition",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "zenwifi xd6",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax56u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax68u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45911"
},
{
"model": "gt-ax11000",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "tuf-ax5400",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax82u gundam edition",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax55",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax58u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax56u v2",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax82u gundam edition",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax55",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax86u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax3000",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax56u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax82u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax86s",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "gt-ax11000",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015290"
},
{
"db": "NVD",
"id": "CVE-2021-41435"
}
]
},
"cve": "CVE-2021-41435",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-41435",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-41435",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-41435",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-41435",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-41435",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-1641",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-41435",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-41435"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015290"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1641"
},
{
"db": "NVD",
"id": "CVE-2021-41435"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request. plural ASUS The product contains an improper restriction of excessive authentication attempts vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-41435"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015290"
},
{
"db": "VULMON",
"id": "CVE-2021-41435"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-41435",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015290",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1641",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-41435",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-41435"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015290"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1641"
},
{
"db": "NVD",
"id": "CVE-2021-41435"
}
]
},
"id": "VAR-202111-1224",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4178826414285714
},
"last_update_date": "2024-11-23T22:29:11.173000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RT-AX68U ASUS",
"trust": 0.8,
"url": "https://www.asus.com/jp/"
},
{
"title": "ASUS routers Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=171129"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/efchatz/easy-exploits "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-41435"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015290"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1641"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-307",
"trust": 1.0
},
{
"problemtype": "Inappropriate limitation of excessive authentication attempts (CWE-307) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015290"
},
{
"db": "NVD",
"id": "CVE-2021-41435"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax56u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax3000/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/whole-home-mesh-wifi-system/zenwifi-wifi-systems/asus-zenwifi-ax-xt8-/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-routers/all-series/rt-ax55/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "http://asus.com"
},
{
"trust": 1.7,
"url": "https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax68u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/whole-home-mesh-wifi-system/zenwifi-wifi-systems/asus-zenwifi-xd6/helpdesk_bios/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41435"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/307.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/efchatz/easy-exploits"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-41435"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015290"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1641"
},
{
"db": "NVD",
"id": "CVE-2021-41435"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-41435"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015290"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1641"
},
{
"db": "NVD",
"id": "CVE-2021-41435"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-19T00:00:00",
"db": "VULMON",
"id": "CVE-2021-41435"
},
{
"date": "2022-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-015290"
},
{
"date": "2021-11-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-1641"
},
{
"date": "2021-11-19T12:15:09.330000",
"db": "NVD",
"id": "CVE-2021-41435"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-41435"
},
{
"date": "2022-11-15T07:22:00",
"db": "JVNDB",
"id": "JVNDB-2021-015290"
},
{
"date": "2021-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-1641"
},
{
"date": "2024-11-21T06:26:14.863000",
"db": "NVD",
"id": "CVE-2021-41435"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-1641"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0ASUS\u00a0 Product Improper Limitation of Excessive Authentication Attempts Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015290"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-1641"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2021-11-19 12:15
Modified
2024-11-21 06:26
Severity ?
Summary
A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:gt-ax11000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5B16842-6E75-42F9-BED2-37966FB900FF",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:gt-ax11000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC02F598-C10E-4C77-9BE9-CB3660893C5E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "604BBFB4-FF96-46F9-B407-C3D9CBE73BE8",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1515AF83-732F-489B-A25C-5D67A03A3B25",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax55_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BBE7AA-081C-48A7-AAC1-481538AEFECA",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax55:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F27D4F-EDC4-4676-8C66-545378850BF1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax56u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36430A0B-7A71-4FB2-9159-6EE9C8B7DADE",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D747097-702E-4046-9723-01A586336534",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax56u_v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B24819D6-17F8-4ABD-8F85-DBB1C559759D",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax56u_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFFF5EF7-E4EC-4DA0-82B4-9996087B951F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax58u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD025F49-2590-4E99-9D63-9A5A28BF4B1F",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax58u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "855509B2-CE29-4A04-B412-C160139EA392",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax82u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88B9EE48-348F-4358-B89B-35F111466254",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax82u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D118305-CAFD-425F-8352-3B241D2E7702",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax82u_gundam_edition_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0364A944-662E-4074-AA9A-3ACAB7A79888",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax82u_gundam_edition:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A62A40-F182-48D2-B6BA-B39632A5E92A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax82u_gundam_edition_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0364A944-662E-4074-AA9A-3ACAB7A79888",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax82u_gundam_edition:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A62A40-F182-48D2-B6BA-B39632A5E92A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax86u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D136BA5-1B89-4B27-81E6-A5ED861DF21D",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax86u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB28700C-02EB-46D0-9BAD-833CE4790264",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax86s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44ED1540-9D3B-4E1E-867C-B639D7903B02",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax86s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2FC13C9-ADF3-4ED7-BDE2-FEAEC6248BDB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax86u_zaku_ii_edition_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57AB9331-9565-42AC-B5C4-CE8A4849E285",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax86u_zaku_ii_edition:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57414ED4-B1E2-475D-9678-A0675439A80C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax88u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "781AB112-C281-4660-B494-36DBB84AF690",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB91E047-5AE1-4CA0-9E67-84170D79770C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax92u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB2DBB8-8782-418E-8CEB-0041694517F6",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax92u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB70155-390A-472E-A0AA-59A18ADD2BF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:tuf_gaming_ax3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5D4B2F3-C4BC-4B68-9D67-261B9EFAA11A",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:tuf_gaming_ax3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF2B2BEB-574D-4D02-B15E-1A6B737B06C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:tuf-ax5400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3B3959B-D5FC-4AC1-A8A9-544747178417",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:tuf-ax5400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0819A22E-2913-4C13-A67D-6130E10544BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:zenwifi_xd6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53F49747-32C4-4B4C-B9C6-90D3948ADABE",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:zenwifi_xd6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEAB3EB-28B7-4FB8-9ECA-3A671B51A776",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:zenwifi_ax_\\(xt8\\)_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24F0C238-58D9-4721-A8B5-CA8C6F8CE445",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:zenwifi_ax_\\(xt8\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7599D8-8837-41B3-B25A-002B2E2147DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax68u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A896450-3FC2-4386-8157-4B1CB2DCA66D",
"versionEndExcluding": "3.0.0.4.386.45911",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax68u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E27ED92-86BD-4FDB-A7AF-D308AA4A14DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request."
},
{
"lang": "es",
"value": "Una omisi\u00f3n de protecci\u00f3n por fuerza bruta en la protecci\u00f3n CAPTCHA en ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) versiones anteriores a 3.0.4.386. 0.0.4.386.45898, y RT-AX68U versiones anteriores a 3.0.0.4.386.45911, permite a un atacante remoto intentar cualquier n\u00famero de intentos de inicio de sesi\u00f3n por medio del env\u00edo de una petici\u00f3n HTTP espec\u00edfica"
}
],
"id": "CVE-2021-41435",
"lastModified": "2024-11-21T06:26:14.863",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-19T12:15:09.330",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://asus.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX68U/HelpDesk_BIOS/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpDesk_BIOS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://asus.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX68U/HelpDesk_BIOS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpDesk_BIOS/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-307"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-19 12:15
Modified
2024-11-21 06:26
Severity ?
Summary
An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:gt-ax11000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5B16842-6E75-42F9-BED2-37966FB900FF",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:gt-ax11000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC02F598-C10E-4C77-9BE9-CB3660893C5E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "604BBFB4-FF96-46F9-B407-C3D9CBE73BE8",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1515AF83-732F-489B-A25C-5D67A03A3B25",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax55_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BBE7AA-081C-48A7-AAC1-481538AEFECA",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax55:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F27D4F-EDC4-4676-8C66-545378850BF1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax56u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36430A0B-7A71-4FB2-9159-6EE9C8B7DADE",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D747097-702E-4046-9723-01A586336534",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax56u_v2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B24819D6-17F8-4ABD-8F85-DBB1C559759D",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax56u_v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFFF5EF7-E4EC-4DA0-82B4-9996087B951F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax58u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD025F49-2590-4E99-9D63-9A5A28BF4B1F",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax58u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "855509B2-CE29-4A04-B412-C160139EA392",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax82u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88B9EE48-348F-4358-B89B-35F111466254",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax82u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D118305-CAFD-425F-8352-3B241D2E7702",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax82u_gundam_edition_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0364A944-662E-4074-AA9A-3ACAB7A79888",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax82u_gundam_edition:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A62A40-F182-48D2-B6BA-B39632A5E92A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax82u_gundam_edition_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0364A944-662E-4074-AA9A-3ACAB7A79888",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax82u_gundam_edition:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A62A40-F182-48D2-B6BA-B39632A5E92A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax86u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D136BA5-1B89-4B27-81E6-A5ED861DF21D",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax86u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB28700C-02EB-46D0-9BAD-833CE4790264",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax86s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44ED1540-9D3B-4E1E-867C-B639D7903B02",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax86s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2FC13C9-ADF3-4ED7-BDE2-FEAEC6248BDB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax86u_zaku_ii_edition_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57AB9331-9565-42AC-B5C4-CE8A4849E285",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax86u_zaku_ii_edition:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57414ED4-B1E2-475D-9678-A0675439A80C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax88u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "781AB112-C281-4660-B494-36DBB84AF690",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB91E047-5AE1-4CA0-9E67-84170D79770C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax92u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB2DBB8-8782-418E-8CEB-0041694517F6",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax92u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB70155-390A-472E-A0AA-59A18ADD2BF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:tuf_gaming_ax3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5D4B2F3-C4BC-4B68-9D67-261B9EFAA11A",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:tuf_gaming_ax3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF2B2BEB-574D-4D02-B15E-1A6B737B06C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:tuf-ax5400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3B3959B-D5FC-4AC1-A8A9-544747178417",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:tuf-ax5400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0819A22E-2913-4C13-A67D-6130E10544BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:zenwifi_xd6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53F49747-32C4-4B4C-B9C6-90D3948ADABE",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:zenwifi_xd6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEAB3EB-28B7-4FB8-9ECA-3A671B51A776",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:zenwifi_ax_\\(xt8\\)_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24F0C238-58D9-4721-A8B5-CA8C6F8CE445",
"versionEndExcluding": "3.0.0.4.386.45898",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:zenwifi_ax_\\(xt8\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7599D8-8837-41B3-B25A-002B2E2147DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rt-ax68u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A896450-3FC2-4386-8157-4B1CB2DCA66D",
"versionEndExcluding": "3.0.0.4.386.45911",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax68u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E27ED92-86BD-4FDB-A7AF-D308AA4A14DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet."
},
{
"lang": "es",
"value": "Un contrabando de peticiones HTTP en la aplicaci\u00f3n web en ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) versiones anteriores a 3.0.4.386. 0.0.4.386.45898, y RT-AX68U versiones anteriores a 3.0.0.4.386.45911, permite a un atacante remoto no autenticado hacer DoS por medio del env\u00edo de un paquete HTTP especialmente dise\u00f1ado"
}
],
"id": "CVE-2021-41436",
"lastModified": "2024-11-21T06:26:15.047",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-19T12:15:09.390",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://asus.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX68U/HelpDesk_BIOS/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpDesk_BIOS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://asus.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX68U/HelpDesk_BIOS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpDesk_BIOS/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}