Vulnerability Description
An HTTP response splitting attack in the web application of ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that, if an authenticated victim visits it, will give access to the cloud storage of the attacker.
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ASUS | RT-AX88U Firmware | < 3.0.0.4.388.20558 |
| ASUS | RT-AX88U | - |
Related Weaknesses (CWE)
References
- https://github.com/efchatz/easy-exploits/tree/main/Web/ASUS/CVE-2021-41437 (Patch, Third Party Advisory)
- https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-Gaming-Routers/RT- (Patch, Product, Vendor Advisory)
FAQ
What is CVE-2021-41437?
CVE-2021-41437 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An HTTP response splitting attack in the web application of ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give ...
How severe is CVE-2021-41437?
CVE-2021-41437 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-41437?
Check the references section above for vendor advisories and patch information. Affected products include: ASUS RT-AX88U Firmware, ASUS RT-AX88U.