PT-2021-23298 · ASUS · RT-AX86 Series +16
Constantinos Kolias +2 · Published 2021-11-19 · Updated 2021-11-23 · CVE-2021-41436
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
ASUS ROG Rapture GT-AX11000 versions prior to 3.0.0.4.386.45898
RT-AX3000 versions prior to 3.0.0.4.386.45898
RT-AX55 versions prior to 3.0.0.4.386.45898
RT-AX56U versions prior to 3.0.0.4.386.45898
RT-AX56U V2 versions prior to 3.0.0.4.386.45898
RT-AX58U versions prior to 3.0.0.4.386.45898
RT-AX82U versions prior to 3.0.0.4.386.45898
RT-AX82U GUNDAM EDITION versions prior to 3.0.0.4.386.45898
RT-AX86 Series (RT-AX86U/RT-AX86S) versions prior to 3.0.0.4.386.45898
RT-AX86U ZAKU II EDITION versions prior to 3.0.0.4.386.45898
RT-AX88U versions prior to 3.0.0.4.386.45898
RT-AX92U versions prior to 3.0.0.4.386.45898
TUF Gaming AX3000 versions prior to 3.0.0.4.386.45898
TUF Gaming AX5400 (TUF-AX5400) versions prior to 3.0.0.4.386.45898
ASUS ZenWiFi XD6 versions prior to 3.0.0.4.386.45898
ASUS ZenWiFi AX (XT8) versions prior to 3.0.0.4.386.45898
RT-AX68U versions prior to 3.0.0.4.386.45911
Description
The issue is an HTTP request smuggling vulnerability in the web application of the affected devices. It allows a remote unauthenticated attacker to perform a denial-of-service (DoS) attack by sending a specially crafted HTTP packet.
Recommendations
ASUS ROG Rapture GT-AX11000: Update to version 3.0.0.4.386.45898 or later.
RT-AX3000: Update to version 3.0.0.4.386.45898 or later.
RT-AX55: Update to version 3.0.0.4.386.45898 or later.
RT-AX56U: Update to version 3.0.0.4.386.45898 or later.
RT-AX56U V2: Update to version 3.0.0.4.386.45898 or later.
RT-AX58U: Update to version 3.0.0.4.386.45898 or later.
RT-AX82U: Update to version 3.0.0.4.386.45898 or later.
RT-AX82U GUNDAM EDITION: Update to version 3.0.0.4.386.45898 or later.
RT-AX86 Series (RT-AX86U/RT-AX86S): Update to version 3.0.0.4.386.45898 or later.
RT-AX86U ZAKU II EDITION: Update to version 3.0.0.4.386.45898 or later.
RT-AX88U: Update to version 3.0.0.4.386.45898 or later.
RT-AX92U: Update to version 3.0.0.4.386.45898 or later.
TUF Gaming AX3000: Update to version 3.0.0.4.386.45898 or later.
TUF Gaming AX5400 (TUF-AX5400): Update to version 3.0.0.4.386.45898 or later.
ASUS ZenWiFi XD6: Update to version 3.0.0.4.386.45898 or later.
ASUS ZenWiFi AX (XT8): Update to version 3.0.0.4.386.45898 or later.
RT-AX68U: Update to version 3.0.0.4.386.45911 or later.
Fix
HTTP Request/Response Smuggling
Weakness Enumeration
Related Identifiers
Affected Products
ASUS ROG Rapture GT-AX11000
ASUS ZenWiFi AX
ASUS ZenWiFi XD6
RT-AX3000
RT-AX55
RT-AX56U
RT-AX56U V2
RT-AX58U
RT-AX68U
RT-AX82U
RT-AX82U GUNDAM EDITION
RT-AX86 Series
RT-AX86U ZAKU II EDITION
RT-AX88U
RT-AX92U
TUF Gaming AX3000
TUF Gaming AX5400