← Back

CVE-2021-41435

nvd nist
Published: Nov 19, 2021Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.

Affected (18)

Asus
18 products
Gt Ax11000 Firmware
Rt Ax3000 Firmware
Rt Ax55 Firmware
Rt Ax56u Firmware
Rt Ax56u V2 Firmware
Rt Ax58u Firmware
Rt Ax82u Firmware
Rt Ax82u Gundam Edition Firmware
Rt Ax86u Firmware
Rt Ax86s Firmware
Rt Ax86u Zaku Ii Edition Firmware
Rt Ax88u Firmware
Rt Ax92u Firmware
Tuf Gaming Ax3000 Firmware
Tuf Ax5400 Firmware
Zenwifi Xd6 Firmware
Zenwifi Ax (xt8) Firmware
Rt Ax68u Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gt Ax11000 Firmware
Before 3.0.0.4.386.45898
Running on/withPlatform Versions
Asus
Gt Ax11000
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ax3000 Firmware
Before 3.0.0.4.386.45898
Running on/withPlatform Versions
Asus
Rt Ax3000
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ax55 Firmware
Before 3.0.0.4.386.45898
Running on/withPlatform Versions
Asus
Rt Ax55
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ax56u Firmware
Before 3.0.0.4.386.45898
Running on/withPlatform Versions
Asus
Rt Ax56u
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ax56u V2 Firmware
Before 3.0.0.4.386.45898
Running on/withPlatform Versions
Asus
Rt Ax56u V2
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ax58u Firmware
Before 3.0.0.4.386.45898
Running on/withPlatform Versions
Asus
Rt Ax58u
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ax82u Firmware
Before 3.0.0.4.386.45898
Running on/withPlatform Versions
Asus
Rt Ax82u
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ax82u Gundam Edition Firmware
Before 3.0.0.4.386.45898
Running on/withPlatform Versions
Asus
Rt Ax82u Gundam Edition
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ax86u Firmware
Before 3.0.0.4.386.45898
Running on/withPlatform Versions
Asus
Rt Ax86u
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ax86s Firmware
Before 3.0.0.4.386.45898
Running on/withPlatform Versions
Asus
Rt Ax86s
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ax86u Zaku Ii Edition Firmware
Before 3.0.0.4.386.45898
Running on/withPlatform Versions
Asus
Rt Ax86u Zaku Ii Edition
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ax88u Firmware
Before 3.0.0.4.386.45898
Running on/withPlatform Versions
Asus
Rt Ax88u
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ax92u Firmware
Before 3.0.0.4.386.45898
Running on/withPlatform Versions
Asus
Rt Ax92u
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tuf Gaming Ax3000 Firmware
Before 3.0.0.4.386.45898
Running on/withPlatform Versions
Asus
Tuf Gaming Ax3000
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tuf Ax5400 Firmware
Before 3.0.0.4.386.45898
Running on/withPlatform Versions
Asus
Tuf Ax5400
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zenwifi Xd6 Firmware
Before 3.0.0.4.386.45898
Running on/withPlatform Versions
Asus
Zenwifi Xd6
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zenwifi Ax (xt8) Firmware
Before 3.0.0.4.386.45898
Running on/withPlatform Versions
Asus
Zenwifi Ax (xt8)
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rt Ax68u Firmware
Before 3.0.0.4.386.45911
Running on/withPlatform Versions
Asus
Rt Ax68u
All versions

Related CWEs

CWE-307
Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References (16)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
ProductVendor Advisory
Source: cve@mitre.org
ProductVendor Advisory
Source: cve@mitre.org
ProductVendor Advisory
Source: cve@mitre.org
ProductVendor Advisory
Source: cve@mitre.org
ProductVendor Advisory
Source: cve@mitre.org
ProductVendor Advisory
Source: cve@mitre.org
ProductVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ProductVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ProductVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ProductVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ProductVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ProductVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ProductVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ProductVendor Advisory

Timeline

No history available yet.