CVE-2021-37910

CWE-7993 documents3 sources

Severity

5.3MEDIUM

EPSS

3.3%

top 12.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Asus Gt-axe11000 Asus Rt-ax3000 Asus Rt-ax55 +7 more

Timeline

PublishedNov 12

Latest updateMay 24

Description

ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.2 | Impact: 1.4

Affected Packages10 packages

▶CVEListV5asus/rt-ax55unspecified — 3.0.0.4.386.45898

▶CVEListV5asus/rt-ax58uunspecified — 3.0.0.4.386.45898

▶CVEListV5asus/rt-ax3000unspecified — 3.0.0.4.386.45898

▶CVEListV5asus/tuf-ax3000unspecified — 3.0.0.4.386.45898

▶CVEListV5asus/gt-axe11000unspecified — 3.0.0.4.386.45898

🔴Vulnerability Details

GHSA

GHSA-564h-q8m3-2phw: ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attac↗2022-05-24

▶

CVEList

ASUS GT-AXE11000, RT-AX3000, RT-AX55, RT-AX58U, TUF-AX3000 - Improper Authentication↗2021-11-12

▶