A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C
Vendors Products
Asus
  • Tuf Gaming Ax3000
  • Rt-ax86u
  • Rt-ax92u
  • Tuf-ax5400 Firmware
  • Rt-ax58u Firmware
  • Rt-ax86u Zaku Ii Edition Firmware
  • Zenwifi Ax \(xt8\)
  • Rt-ax86s
  • Rt-ax55 Firmware
  • Rt-ax68u
  • Rt-ax86u Firmware
  • Rt-ax82u Gundam Edition
  • Rt-ax56u
  • Rt-ax82u
  • Rt-ax3000
  • Rt-ax82u Firmware
  • Rt-ax3000 Firmware
  • Rt-ax68u Firmware
  • Rt-ax56u V2 Firmware
  • Rt-ax82u Gundam Edition Firmware
  • Zenwifi Ax \(xt8\) Firmware
  • Zenwifi Xd6 Firmware
  • Rt-ax88u Firmware
  • Rt-ax86s Firmware
  • Rt-ax86u Zaku Ii Edition
  • Rt-ax58u
  • Rt-ax56u Firmware
  • Gt-ax11000 Firmware
  • Rt-ax88u
  • Rt-ax55
  • Tuf Gaming Ax3000 Firmware
  • Rt-ax56u V2
  • Tuf-ax5400
  • Zenwifi Xd6
  • Rt-ax92u Firmware
  • Gt-ax11000

Configuration 1 [-]

AND
cpe:2.3:o:asus:gt-ax11000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:gt-ax11000:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:asus:rt-ax3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:rt-ax3000:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:asus:rt-ax55_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:rt-ax55:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:asus:rt-ax56u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:asus:rt-ax56u_v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:rt-ax56u_v2:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:asus:rt-ax58u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:rt-ax58u:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:asus:rt-ax82u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:rt-ax82u:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:asus:rt-ax82u_gundam_edition_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:rt-ax82u_gundam_edition:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:asus:rt-ax82u_gundam_edition_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:rt-ax82u_gundam_edition:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:asus:rt-ax86u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:rt-ax86u:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:asus:rt-ax86s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:rt-ax86s:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:asus:rt-ax86u_zaku_ii_edition_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:rt-ax86u_zaku_ii_edition:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:asus:rt-ax88u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:asus:rt-ax92u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:rt-ax92u:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:asus:tuf_gaming_ax3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:tuf_gaming_ax3000:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:asus:tuf-ax5400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:tuf-ax5400:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:asus:zenwifi_xd6_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:zenwifi_xd6:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:asus:zenwifi_ax_\(xt8\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:zenwifi_ax_\(xt8\):-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:asus:rt-ax68u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asus:rt-ax68u:-:*:*:*:*:*:*:*
References
Link Resource
http://asus.com Vendor Advisory
https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios Product Vendor Advisory
https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/ Product Vendor Advisory
https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/ Product Vendor Advisory
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/ Product Vendor Advisory
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/ Product Vendor Advisory
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX68U/HelpDesk_BIOS/ Product Vendor Advisory
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpDesk_BIOS/ Product Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-11-19T11:26:30

Updated: 2021-11-19T11:26:30

Reserved: 2021-09-20T00:00:00

Link: CVE-2021-41435

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-11-19T12:15:09.330

Modified: 2021-11-23T18:29:59.233

Link: CVE-2021-41435

JSON object: View

cve-icon Redhat Information

No data.

CWE