CVE-2021-41435

CWE-3073 documents3 sources

Severity

9.8CRITICAL

EPSS

2.5%

top 14.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Asus Gt-ax11000 Firmware Asus Rt-ax3000 Firmware Asus Rt-ax55 Firmware +15 more

Timeline

PublishedNov 19

Latest updateNov 20

Description

A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific H…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages18 packages

▶NVDasus/rt-ax86u_zaku_ii_edition_firmware< 3.0.0.4.386.45898

▶NVDasus/rt-ax82u_gundam_edition_firmware< 3.0.0.4.386.45898

▶NVDasus/tuf_gaming_ax3000_firmware< 3.0.0.4.386.45898

▶NVDasus/rt-ax86u_firmware< 3.0.0.4.386.45898

▶NVDasus/rt-ax82u_firmware< 3.0.0.4.386.45898

🔴Vulnerability Details

GHSA

GHSA-hjq5-v65p-2p24: A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, R↗2021-11-20

▶

CVEList

CVE-2021-41435: A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, R↗2021-11-19

▶