CVE-2021-41435 Information

Description

A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000 RT-AX3000 RT-AX55 RT-AX56U RT-AX56U_V2 RT-AX58U RT-AX82U RT-AX82U GUNDAM EDITION RT-AX86 Series(RT-AX86U/RT-AX86S) RT-AX86U ZAKU II EDITION RT-AX88U RT-AX92U TUF Gaming AX3000 TUF Gaming AX5400 (TUF-AX5400) ASUS ZenWiFi XD6 ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898 and RT-AX68U before 3.0.0.4.386.45911 allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/ https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/ https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/ https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpDesk_BIOS/ http://asus.com https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX68U/HelpDesk_BIOS/ https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8