PT-2021-23297 · Asus · Rt-Ax86 Series +17
Constantinos Kolias +2 · Published 2021-11-19 · Updated 2021-11-23 · CVE-2021-41435
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
ASUS ROG Rapture GT-AX11000 versions prior to 3.0.0.4.386.45898
RT-AX3000 versions prior to 3.0.0.4.386.45898
RT-AX55 versions prior to 3.0.0.4.386.45898
RT-AX56U versions prior to 3.0.0.4.386.45898
RT-AX56U V2 versions prior to 3.0.0.4.386.45898
RT-AX58U versions prior to 3.0.0.4.386.45898
RT-AX82U versions prior to 3.0.0.4.386.45898
RT-AX82U GUNDAM EDITION versions prior to 3.0.0.4.386.45898
RT-AX86 Series (RT-AX86U/RT-AX86S) versions prior to 3.0.0.4.386.45898
RT-AX86U ZAKU II EDITION versions prior to 3.0.0.4.386.45898
RT-AX88U versions prior to 3.0.0.4.386.45898
RT-AX92U versions prior to 3.0.0.4.386.45898
TUF Gaming AX3000 versions prior to 3.0.0.4.386.45898
TUF Gaming AX5400 (TUF-AX5400) versions prior to 3.0.0.4.386.45898
ASUS ZenWiFi XD6 versions prior to 3.0.0.4.386.45898
ASUS ZenWiFi AX (XT8) versions prior to 3.0.0.4.386.45898
RT-AX68U versions prior to 3.0.0.4.386.45911
Description
A brute-force protection bypass in the CAPTCHA protection allows a remote attacker to make any number of login attempts by sending a specific HTTP request.
Recommendations
For ASUS ROG Rapture GT-AX11000, update to version 3.0.0.4.386.45898 or later.
For RT-AX3000, update to version 3.0.0.4.386.45898 or later.
For RT-AX55, update to version 3.0.0.4.386.45898 or later.
For RT-AX56U, update to version 3.0.0.4.386.45898 or later.
For RT-AX56U V2, update to version 3.0.0.4.386.45898 or later.
For RT-AX58U, update to version 3.0.0.4.386.45898 or later.
For RT-AX82U, update to version 3.0.0.4.386.45898 or later.
For RT-AX82U GUNDAM EDITION, update to version 3.0.0.4.386.45898 or later.
For RT-AX86 Series (RT-AX86U/RT-AX86S), update to version 3.0.0.4.386.45898 or later.
For RT-AX86U ZAKU II EDITION, update to version 3.0.0.4.386.45898 or later.
For RT-AX88U, update to version 3.0.0.4.386.45898 or later.
For RT-AX92U, update to version 3.0.0.4.386.45898 or later.
For TUF Gaming AX3000, update to version 3.0.0.4.386.45898 or later.
For TUF Gaming AX5400 (TUF-AX5400), update to version 3.0.0.4.386.45898 or later.
For ASUS ZenWiFi XD6, update to version 3.0.0.4.386.45898 or later.
For ASUS ZenWiFi AX (XT8), update to version 3.0.0.4.386.45898 or later.
For RT-AX68U, update to version 3.0.0.4.386.45911 or later.
Fix
Improper Restriction of Excessive Authentication Attempts
Weakness Enumeration
Related Identifiers
Affected Products
Asus Rog Rapture Gt-Ax11000
Asus Zenwifi Ax
Asus Zenwifi Xd6
Rt-Ax3000
Rt-Ax55
Rt-Ax56U
Rt-Ax56U V2
Rt-Ax58U
Rt-Ax68U
Rt-Ax82U
Rt-Ax82U Gundam Edition
Rt-Ax86 Series
Rt-Ax86U
Rt-Ax86U Zaku Ii Edition
Rt-Ax88U
Rt-Ax92U
Tuf Gaming Ax3000
Tuf Gaming Ax5400