ID

VAR-202111-1224


CVE

CVE-2021-41435


TITLE

plural  ASUS  Product Improper Limitation of Excessive Authentication Attempts Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-015290

DESCRIPTION

A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request. plural ASUS The product contains an improper restriction of excessive authentication attempts vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-41435 // JVNDB: JVNDB-2021-015290 // VULMON: CVE-2021-41435

AFFECTED PRODUCTS

vendor:asusmodel:rt-ax3000scope:ltversion:3.0.0.4.386.45898

Trust: 1.0

vendor:asusmodel:rt-ax88uscope:ltversion:3.0.0.4.386.45898

Trust: 1.0

vendor:asusmodel:tuf gaming ax3000scope:ltversion:3.0.0.4.386.45898

Trust: 1.0

vendor:asusmodel:rt-ax58uscope:ltversion:3.0.0.4.386.45898

Trust: 1.0

vendor:asusmodel:rt-ax86sscope:ltversion:3.0.0.4.386.45898

Trust: 1.0

vendor:asusmodel:zenwifi ax \scope:ltversion:3.0.0.4.386.45898

Trust: 1.0

vendor:asusmodel:rt-ax82uscope:ltversion:3.0.0.4.386.45898

Trust: 1.0

vendor:asusmodel:rt-ax56u v2scope:ltversion:3.0.0.4.386.45898

Trust: 1.0

vendor:asusmodel:rt-ax92uscope:ltversion:3.0.0.4.386.45898

Trust: 1.0

vendor:asusmodel:rt-ax86uscope:ltversion:3.0.0.4.386.45898

Trust: 1.0

vendor:asusmodel:rt-ax86u zaku ii editionscope:ltversion:3.0.0.4.386.45898

Trust: 1.0

vendor:asusmodel:zenwifi xd6scope:ltversion:3.0.0.4.386.45898

Trust: 1.0

vendor:asusmodel:rt-ax56uscope:ltversion:3.0.0.4.386.45898

Trust: 1.0

vendor:asusmodel:rt-ax68uscope:ltversion:3.0.0.4.386.45911

Trust: 1.0

vendor:asusmodel:gt-ax11000scope:ltversion:3.0.0.4.386.45898

Trust: 1.0

vendor:asusmodel:tuf-ax5400scope:ltversion:3.0.0.4.386.45898

Trust: 1.0

vendor:asusmodel:rt-ax82u gundam editionscope:ltversion:3.0.0.4.386.45898

Trust: 1.0

vendor:asusmodel:rt-ax55scope:ltversion:3.0.0.4.386.45898

Trust: 1.0

vendor:asustek computermodel:rt-ax58uscope: - version: -

Trust: 0.8

vendor:asustek computermodel:rt-ax56u v2scope: - version: -

Trust: 0.8

vendor:asustek computermodel:rt-ax82u gundam editionscope: - version: -

Trust: 0.8

vendor:asustek computermodel:rt-ax55scope: - version: -

Trust: 0.8

vendor:asustek computermodel:rt-ax86uscope: - version: -

Trust: 0.8

vendor:asustek computermodel:rt-ax3000scope: - version: -

Trust: 0.8

vendor:asustek computermodel:rt-ax56uscope: - version: -

Trust: 0.8

vendor:asustek computermodel:rt-ax82uscope: - version: -

Trust: 0.8

vendor:asustek computermodel:rt-ax86sscope: - version: -

Trust: 0.8

vendor:asustek computermodel:gt-ax11000scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-015290 // NVD: CVE-2021-41435

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-41435
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-41435
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202111-1641
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-41435
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-41435
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2021-41435
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-41435
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-41435 // JVNDB: JVNDB-2021-015290 // CNNVD: CNNVD-202111-1641 // NVD: CVE-2021-41435

PROBLEMTYPE DATA

problemtype:CWE-307

Trust: 1.0

problemtype:Inappropriate limitation of excessive authentication attempts (CWE-307) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-015290 // NVD: CVE-2021-41435

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-1641

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202111-1641

PATCH

title:RT-AX68U ASUSurl:https://www.asus.com/jp/

Trust: 0.8

title:ASUS routers Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=171129

Trust: 0.6

title: - url:https://github.com/efchatz/easy-exploits

Trust: 0.1

sources: VULMON: CVE-2021-41435 // JVNDB: JVNDB-2021-015290 // CNNVD: CNNVD-202111-1641

EXTERNAL IDS

db:NVDid:CVE-2021-41435

Trust: 3.3

db:JVNDBid:JVNDB-2021-015290

Trust: 0.8

db:CNNVDid:CNNVD-202111-1641

Trust: 0.6

db:VULMONid:CVE-2021-41435

Trust: 0.1

sources: VULMON: CVE-2021-41435 // JVNDB: JVNDB-2021-015290 // CNNVD: CNNVD-202111-1641 // NVD: CVE-2021-41435

REFERENCES

url:https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax56u/helpdesk_bios/

Trust: 1.7

url:https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax3000/helpdesk_bios/

Trust: 1.7

url:https://www.asus.com/networking-iot-servers/whole-home-mesh-wifi-system/zenwifi-wifi-systems/asus-zenwifi-ax-xt8-/helpdesk_bios/

Trust: 1.7

url:https://www.asus.com/networking-iot-servers/wifi-routers/all-series/rt-ax55/helpdesk_bios/

Trust: 1.7

url:http://asus.com

Trust: 1.7

url:https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios

Trust: 1.7

url:https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax68u/helpdesk_bios/

Trust: 1.7

url:https://www.asus.com/networking-iot-servers/whole-home-mesh-wifi-system/zenwifi-wifi-systems/asus-zenwifi-xd6/helpdesk_bios/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-41435

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/307.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/efchatz/easy-exploits

Trust: 0.1

sources: VULMON: CVE-2021-41435 // JVNDB: JVNDB-2021-015290 // CNNVD: CNNVD-202111-1641 // NVD: CVE-2021-41435

SOURCES

db:VULMONid:CVE-2021-41435
db:JVNDBid:JVNDB-2021-015290
db:CNNVDid:CNNVD-202111-1641
db:NVDid:CVE-2021-41435

LAST UPDATE DATE

2024-11-23T22:29:11.173000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2021-41435date:2021-11-23T00:00:00
db:JVNDBid:JVNDB-2021-015290date:2022-11-15T07:22:00
db:CNNVDid:CNNVD-202111-1641date:2021-11-25T00:00:00
db:NVDid:CVE-2021-41435date:2024-11-21T06:26:14.863

SOURCES RELEASE DATE

db:VULMONid:CVE-2021-41435date:2021-11-19T00:00:00
db:JVNDBid:JVNDB-2021-015290date:2022-11-15T00:00:00
db:CNNVDid:CNNVD-202111-1641date:2021-11-19T00:00:00
db:NVDid:CVE-2021-41435date:2021-11-19T12:15:09.330