CVE-2021-41435

A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
asusgt-ax11000_firmware
𝑥
< 3.0.0.4.386.45898
asusrt-ax3000_firmware
𝑥
< 3.0.0.4.386.45898
asusrt-ax55_firmware
𝑥
< 3.0.0.4.386.45898
asusrt-ax56u_firmware
𝑥
< 3.0.0.4.386.45898
asusrt-ax56u_v2_firmware
𝑥
< 3.0.0.4.386.45898
asusrt-ax58u_firmware
𝑥
< 3.0.0.4.386.45898
asusrt-ax82u_firmware
𝑥
< 3.0.0.4.386.45898
asusrt-ax82u_gundam_edition_firmware
𝑥
< 3.0.0.4.386.45898
asusrt-ax82u_gundam_edition_firmware
𝑥
< 3.0.0.4.386.45898
asusrt-ax86u_firmware
𝑥
< 3.0.0.4.386.45898
asusrt-ax86s_firmware
𝑥
< 3.0.0.4.386.45898
asusrt-ax86u_zaku_ii_edition_firmware
𝑥
< 3.0.0.4.386.45898
asusrt-ax88u_firmware
𝑥
< 3.0.0.4.386.45898
asusrt-ax92u_firmware
𝑥
< 3.0.0.4.386.45898
asustuf_gaming_ax3000_firmware
𝑥
< 3.0.0.4.386.45898
asustuf-ax5400_firmware
𝑥
< 3.0.0.4.386.45898
asuszenwifi_xd6_firmware
𝑥
< 3.0.0.4.386.45898
asuszenwifi_ax_\(xt8\)_firmware
𝑥
< 3.0.0.4.386.45898
asusrt-ax68u_firmware
𝑥
< 3.0.0.4.386.45911
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://asus.com
https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios
https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/
https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX68U/HelpDesk_BIOS/
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpDesk_BIOS/
http://asus.com
https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios
https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/
https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX68U/HelpDesk_BIOS/
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpDesk_BIOS/