CWE-307

CVE-2021-41435

First published: Fri Nov 19 2021

A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series (RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to make any number of login attempts by sending a specific HTTP request.

Credit: cve@mitre.org

| Affected Software | Affected Version |
| --- | --- |
| Asus Gt-ax11000 Firmware | <3.0.0.4.386.45898 |
| Asus Gt-ax11000 | |
| ASUS RT-AX3000 firmware | <3.0.0.4.386.45898 |
| ASUS RT-AX3000 | |
| Asus Rt-ax55 Firmware | <3.0.0.4.386.45898 |
| ASUS RT-AX55 | |
| Asus Rt-ax56u Firmware | <3.0.0.4.386.45898 |
| ASUS RT-AX56U | |
| Asus Rt-ax56u V2 Firmware | <3.0.0.4.386.45898 |
| ASUS RT-AX56U V2 | |
| Asus Rt-ax58u Firmware | <3.0.0.4.386.45898 |
| Asus Rt-ax58u | |
| Asus Rt-ax82u Firmware | <3.0.0.4.386.45898 |
| Asus RT-AX82U | |
| Asus Rt-ax82u Gundam Edition Firmware | <3.0.0.4.386.45898 |
| Asus Rt-ax82u Gundam Edition | |
| Asus Rt-ax86u Firmware | <3.0.0.4.386.45898 |
| ASUS RT-AX86U | |
| Asus Rt-ax86s Firmware | <3.0.0.4.386.45898 |
| Asus Rt-ax86s | |
| Asus Rt-ax86u Zaku Ii Edition Firmware | <3.0.0.4.386.45898 |
| Asus Rt-ax86u Zaku Ii Edition | |
| Asus Rt-ax88u Firmware | <3.0.0.4.386.45898 |
| ASUS RT-AX88U | |
| Asus Rt-ax92u Firmware | <3.0.0.4.386.45898 |
| ASUS RT-AX92U | |
| Asus Tuf Gaming Ax3000 Firmware | <3.0.0.4.386.45898 |
| Asus Tuf Gaming Ax3000 | |
| Asus Tuf-ax5400 Firmware | <3.0.0.4.386.45898 |
| Asus Tuf-ax5400 | |
| Asus Zenwifi Xd6 Firmware | <3.0.0.4.386.45898 |
| ASUS ZenWiFi XD6 | |
| Asus Zenwifi Ax (xt8) Firmware | <3.0.0.4.386.45898 |
| Asus Zenwifi Ax (xt8) | |
| Asus Rt-ax68u Firmware | <3.0.0.4.386.45911 |
| Asus Rt-ax68u | |
