Details of VAR-202111-1224

ID

VAR-202111-1224

CVE

CVE-2021-41435

TITLE

plural ASUS Product Improper Limitation of Excessive Authentication Attempts Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-015290

DESCRIPTION

A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request. plural ASUS The product contains an improper restriction of excessive authentication attempts vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-41435 // JVNDB: JVNDB-2021-015290 // VULMON: CVE-2021-41435

AFFECTED PRODUCTS

vendor:	asus	model:	rt-ax55	scope:	lt	version:	3.0.0.4.386.45898	Trust: 1.0
vendor:	asus	model:	rt-ax88u	scope:	lt	version:	3.0.0.4.386.45898	Trust: 1.0
vendor:	asus	model:	rt-ax3000	scope:	lt	version:	3.0.0.4.386.45898	Trust: 1.0
vendor:	asus	model:	tuf gaming ax3000	scope:	lt	version:	3.0.0.4.386.45898	Trust: 1.0
vendor:	asus	model:	rt-ax56u	scope:	lt	version:	3.0.0.4.386.45898	Trust: 1.0
vendor:	asus	model:	zenwifi ax \	scope:	lt	version:	3.0.0.4.386.45898	Trust: 1.0
vendor:	asus	model:	rt-ax86s	scope:	lt	version:	3.0.0.4.386.45898	Trust: 1.0
vendor:	asus	model:	rt-ax82u	scope:	lt	version:	3.0.0.4.386.45898	Trust: 1.0
vendor:	asus	model:	rt-ax92u	scope:	lt	version:	3.0.0.4.386.45898	Trust: 1.0
vendor:	asus	model:	zenwifi xd6	scope:	lt	version:	3.0.0.4.386.45898	Trust: 1.0
vendor:	asus	model:	rt-ax82u gundam edition	scope:	lt	version:	3.0.0.4.386.45898	Trust: 1.0
vendor:	asus	model:	tuf-ax5400	scope:	lt	version:	3.0.0.4.386.45898	Trust: 1.0
vendor:	asus	model:	gt-ax11000	scope:	lt	version:	3.0.0.4.386.45898	Trust: 1.0
vendor:	asus	model:	rt-ax86u	scope:	lt	version:	3.0.0.4.386.45898	Trust: 1.0
vendor:	asus	model:	rt-ax58u	scope:	lt	version:	3.0.0.4.386.45898	Trust: 1.0
vendor:	asus	model:	rt-ax56u v2	scope:	lt	version:	3.0.0.4.386.45898	Trust: 1.0
vendor:	asus	model:	rt-ax68u	scope:	lt	version:	3.0.0.4.386.45911	Trust: 1.0
vendor:	asus	model:	rt-ax86u zaku ii edition	scope:	lt	version:	3.0.0.4.386.45898	Trust: 1.0
vendor:	asustek computer	model:	rt-ax58u	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	rt-ax56u v2	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	rt-ax82u gundam edition	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	rt-ax55	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	rt-ax86u	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	rt-ax3000	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	rt-ax56u	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	rt-ax82u	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	rt-ax86s	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	gt-ax11000	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-015290 // NVD: CVE-2021-41435

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-41435
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-41435
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202111-1641
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2021-41435
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-41435
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-41435
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-41435
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-41435 // JVNDB: JVNDB-2021-015290 // CNNVD: CNNVD-202111-1641 // NVD: CVE-2021-41435

PROBLEMTYPE DATA

problemtype:	CWE-307	Trust: 1.0
problemtype:	Inappropriate limitation of excessive authentication attempts (CWE-307) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-015290 // NVD: CVE-2021-41435

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-1641

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202111-1641

PATCH

title:	RT-AX68U ASUS	url:	https://www.asus.com/jp/	Trust: 0.8
title:	ASUS routers Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=171129	Trust: 0.6
title:	-	url:	https://github.com/efchatz/easy-exploits	Trust: 0.1

sources: VULMON: CVE-2021-41435 // JVNDB: JVNDB-2021-015290 // CNNVD: CNNVD-202111-1641

EXTERNAL IDS

db:	NVD	id:	CVE-2021-41435	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-015290	Trust: 0.8
db:	CNNVD	id:	CNNVD-202111-1641	Trust: 0.6
db:	VULMON	id:	CVE-2021-41435	Trust: 0.1

sources: VULMON: CVE-2021-41435 // JVNDB: JVNDB-2021-015290 // CNNVD: CNNVD-202111-1641 // NVD: CVE-2021-41435

REFERENCES

url:	https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax56u/helpdesk_bios/	Trust: 1.7
url:	https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax3000/helpdesk_bios/	Trust: 1.7
url:	https://www.asus.com/networking-iot-servers/whole-home-mesh-wifi-system/zenwifi-wifi-systems/asus-zenwifi-ax-xt8-/helpdesk_bios/	Trust: 1.7
url:	https://www.asus.com/networking-iot-servers/wifi-routers/all-series/rt-ax55/helpdesk_bios/	Trust: 1.7
url:	http://asus.com	Trust: 1.7
url:	https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios	Trust: 1.7
url:	https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax68u/helpdesk_bios/	Trust: 1.7
url:	https://www.asus.com/networking-iot-servers/whole-home-mesh-wifi-system/zenwifi-wifi-systems/asus-zenwifi-xd6/helpdesk_bios/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41435	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/307.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/efchatz/easy-exploits	Trust: 0.1

sources: VULMON: CVE-2021-41435 // JVNDB: JVNDB-2021-015290 // CNNVD: CNNVD-202111-1641 // NVD: CVE-2021-41435

SOURCES

db:	VULMON	id:	CVE-2021-41435
db:	JVNDB	id:	JVNDB-2021-015290
db:	CNNVD	id:	CNNVD-202111-1641
db:	NVD	id:	CVE-2021-41435

LAST UPDATE DATE

2024-08-14T14:18:14.219000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-41435	date:	2021-11-23T00:00:00
db:	JVNDB	id:	JVNDB-2021-015290	date:	2022-11-15T07:22:00
db:	CNNVD	id:	CNNVD-202111-1641	date:	2021-11-25T00:00:00
db:	NVD	id:	CVE-2021-41435	date:	2021-11-23T18:29:59.233

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-41435	date:	2021-11-19T00:00:00
db:	JVNDB	id:	JVNDB-2021-015290	date:	2022-11-15T00:00:00
db:	CNNVD	id:	CNNVD-202111-1641	date:	2021-11-19T00:00:00
db:	NVD	id:	CVE-2021-41435	date:	2021-11-19T12:15:09.330