CVE-2021-41435 — CRITICAL (9.8)

Q: How severe is CVE-2021-41435?

CVE-2021-41435 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2021-41435?

Check the references section above for vendor advisories and patch information. Affected products include: Asus Gt-Ax11000 Firmware, Asus Gt-Ax11000, Asus Rt-Ax3000 Firmware, Asus Rt-Ax3000, Asus Rt-Ax55 Firmware.

Vulnerability Description

A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Asus	Gt-Ax11000 Firmware	< 3.0.0.4.386.45898
Asus	Gt-Ax11000	-
Asus	Rt-Ax3000 Firmware	< 3.0.0.4.386.45898
Asus	Rt-Ax3000	-
Asus	Rt-Ax55 Firmware	< 3.0.0.4.386.45898
Asus	Rt-Ax55	-
Asus	Rt-Ax56U Firmware	< 3.0.0.4.386.45898
Asus	Rt-Ax56U	-
Asus	Rt-Ax56U V2 Firmware	< 3.0.0.4.386.45898
Asus	Rt-Ax56U V2	-
Asus	Rt-Ax58U Firmware	< 3.0.0.4.386.45898
Asus	Rt-Ax58U	-
Asus	Rt-Ax82U Firmware	< 3.0.0.4.386.45898
Asus	Rt-Ax82U	-
Asus	Rt-Ax82U Gundam Edition Firmware	< 3.0.0.4.386.45898
Asus	Rt-Ax82U Gundam Edition	-
Asus	Rt-Ax86U Firmware	< 3.0.0.4.386.45898
Asus	Rt-Ax86U	-
Asus	Rt-Ax86S Firmware	< 3.0.0.4.386.45898
Asus	Rt-Ax86S	-

Related Weaknesses (CWE)

CWE-307

References

http://asus.comVendor Advisory
https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_biosProductVendor Advisory
https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-ProductVendor Advisory
https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-ProductVendor Advisory
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AXProductVendor Advisory
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AXProductVendor Advisory
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AXProductVendor Advisory
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpProductVendor Advisory
http://asus.comVendor Advisory
https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_biosProductVendor Advisory
https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-ProductVendor Advisory
https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-ProductVendor Advisory
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AXProductVendor Advisory
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AXProductVendor Advisory
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AXProductVendor Advisory

FAQ

What is CVE-2021-41435?

CVE-2021-41435 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT...

How severe is CVE-2021-41435?

CVE-2021-41435 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-41435?

Check the references section above for vendor advisories and patch information. Affected products include: Asus Gt-Ax11000 Firmware, Asus Gt-Ax11000, Asus Rt-Ax3000 Firmware, Asus Rt-Ax3000, Asus Rt-Ax55 Firmware.