First published: Fri Nov 12 2021(Updated: )
ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames.
Credit: twcert@cert.org.tw
Affected Software | Affected Version | How to fix |
---|---|---|
Asus Gt-axe11000 Firmware | <3.0.0.4.386.45898 | |
Asus Gt-axe11000 | ||
ASUS RT-AX3000 firmware | <3.0.0.4.386.45898 | |
ASUS RT-AX3000 | ||
Asus Rt-ax55 Firmware | <3.0.0.4.386.45898 | |
ASUS RT-AX55 | ||
Asus Rt-ax58u Firmware | <3.0.0.4.386.45898 | |
Asus Rt-ax58u | ||
Asus Tuf-ax3000 Firmware | <3.0.0.4.386.45898 | |
Asus Tuf-ax3000 |
Update Routes firmware to last version: ASUS GT-AXE11000 v3.0.0.4.386.45898 ASUS RT-AX3000 v3.0.0.4.386.45898 ASUS RT-AX55 v3.0.0.4.386.45898 ASUS RT-AX58U v3.0.0.4.386.45898 ASUS TUF-AX3000 v3.0.0.4.386.45898
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-37910 is a vulnerability in ASUS routers' Wi-Fi protected access protocol (WPA2 and WPA3-SAE) that allows an unauthenticated attacker to remotely disconnect other users' connections.
ASUS GT-AXE11000 firmware up to version 3.0.0.4.386.45898 and ASUS RT-AX3000 firmware up to version 3.0.0.4.386.45898 are affected by CVE-2021-37910.
CVE-2021-37910 has a severity score of 5.3, which is considered medium.
An unauthenticated attacker can exploit CVE-2021-37910 by sending specially crafted SAE authentication frames to remotely disconnect other users' connections.
If your ASUS router is running GT-AXE11000 firmware up to version 3.0.0.4.386.45898 or RT-AX3000 firmware up to version 3.0.0.4.386.45898, it is vulnerable to CVE-2021-37910.