CVE-2021-41435
First published: Fri Nov 19 2021(Updated: )
A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ASUS ROG Rapture GT-AX11000 Firmware | <3.0.0.4.386.45898 | |
| ASUS GT-AX11000 Firmware | ||
| All of | ||
| ASUS TUF Gaming AX3000 V2 Firmware | <3.0.0.4.386.45898 | |
| ASUS routers | ||
| All of | ||
| ASUS RT-AX55 Firmware | <3.0.0.4.386.45898 | |
| ASUS routers | ||
| All of | ||
| ASUS RT-AX56U V2 firmware | <3.0.0.4.386.45898 | |
| ASUS RT-AX56U firmware | ||
| All of | ||
| ASUS RT-AX56U V2 firmware | <3.0.0.4.386.45898 | |
| ASUS RT-AX56U V2 firmware | ||
| All of | ||
| ASUS RT-AX58U Firmware | <3.0.0.4.386.45898 | |
| ASUS RT-AX58U Firmware | ||
| All of | ||
| Asus RT-AX82U firmware | <3.0.0.4.386.45898 | |
| Asus RT-AX82U firmware | ||
| All of | ||
| ASUS RT-AX82U GUNDAM EDITION | <3.0.0.4.386.45898 | |
| ASUS RT-AX82U GUNDAM EDITION | ||
| All of | ||
| ASUS RT-AX86U ZAKU II EDITION firmware | <3.0.0.4.386.45898 | |
| ASUS RT-AX86 | ||
| All of | ||
| ASUS RT-AX86S | <3.0.0.4.386.45898 | |
| ASUS RT-AX86S firmware | ||
| All of | ||
| ASUS RT-AX86U ZAKU II EDITION | <3.0.0.4.386.45898 | |
| ASUS RT-AX86U ZAKU II EDITION firmware | ||
| All of | ||
| ASUS RT-AX88U Firmware | <3.0.0.4.386.45898 | |
| ASUS RT-AX88U Firmware | ||
| All of | ||
| ASUS RT-AX92U Firmware | <3.0.0.4.386.45898 | |
| ASUS RT-AX92U Firmware | ||
| All of | ||
| ASUS TUF Gaming AX3000 | <3.0.0.4.386.45898 | |
| ASUS TUF Gaming AX3000 firmware | ||
| All of | ||
| ASUS TUF Gaming AX5400 | <3.0.0.4.386.45898 | |
| ASUS TUF-AX5400 firmware | ||
| All of | ||
| Asus XD6 Firmware | <3.0.0.4.386.45898 | |
| ASUS ZenWiFi XD6 Firmware | ||
| All of | ||
| ASUS ZenWiFi AX (xt8) Firmware | <3.0.0.4.386.45898 | |
| ASUS ZenWiFi AX (xt8) | ||
| All of | ||
| ASUS RT-AX68U | <3.0.0.4.386.45911 | |
| ASUS RT-AX68U Firmware | ||
| ASUS ROG Rapture GT-AX11000 Firmware | <3.0.0.4.386.45898 | |
| ASUS GT-AX11000 Firmware | ||
| ASUS TUF Gaming AX3000 V2 Firmware | <3.0.0.4.386.45898 | |
| ASUS routers | ||
| ASUS RT-AX55 Firmware | <3.0.0.4.386.45898 | |
| ASUS routers | ||
| ASUS RT-AX56U V2 firmware | <3.0.0.4.386.45898 | |
| ASUS RT-AX56U firmware | ||
| ASUS RT-AX56U V2 firmware | <3.0.0.4.386.45898 | |
| ASUS RT-AX56U V2 firmware | ||
| ASUS RT-AX58U Firmware | <3.0.0.4.386.45898 | |
| ASUS RT-AX58U Firmware | ||
| Asus RT-AX82U firmware | <3.0.0.4.386.45898 | |
| Asus RT-AX82U firmware | ||
| ASUS RT-AX82U GUNDAM EDITION | <3.0.0.4.386.45898 | |
| ASUS RT-AX82U GUNDAM EDITION | ||
| ASUS RT-AX86U ZAKU II EDITION firmware | <3.0.0.4.386.45898 | |
| ASUS RT-AX86 | ||
| ASUS RT-AX86S | <3.0.0.4.386.45898 | |
| ASUS RT-AX86S firmware | ||
| ASUS RT-AX86U ZAKU II EDITION | <3.0.0.4.386.45898 | |
| ASUS RT-AX86U ZAKU II EDITION firmware | ||
| ASUS RT-AX88U Firmware | <3.0.0.4.386.45898 | |
| ASUS RT-AX88U Firmware | ||
| ASUS RT-AX92U Firmware | <3.0.0.4.386.45898 | |
| ASUS RT-AX92U Firmware | ||
| ASUS TUF Gaming AX3000 | <3.0.0.4.386.45898 | |
| ASUS TUF Gaming AX3000 firmware | ||
| ASUS TUF Gaming AX5400 | <3.0.0.4.386.45898 | |
| ASUS TUF-AX5400 firmware | ||
| Asus XD6 Firmware | <3.0.0.4.386.45898 | |
| ASUS ZenWiFi XD6 Firmware | ||
| ASUS ZenWiFi AX (xt8) Firmware | <3.0.0.4.386.45898 | |
| ASUS ZenWiFi AX (xt8) | ||
| ASUS RT-AX68U | <3.0.0.4.386.45911 | |
| ASUS RT-AX68U Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://asus.com
- https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios
- https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/
- https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/
- https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/
- https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/
- https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX68U/HelpDesk_BIOS/
- https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpDesk_BIOS/
Frequently Asked Questions
What is the severity of CVE-2021-41435?
CVE-2021-41435 has a medium severity rating due to its potential for brute-force protection bypass.
How do I fix CVE-2021-41435?
To fix CVE-2021-41435, update your affected ASUS router firmware to the latest version available on the ASUS support website.
Which ASUS devices are affected by CVE-2021-41435?
CVE-2021-41435 affects multiple ASUS routers including ROG Rapture GT-AX11000 and RT-AX3000, among others.
Is there a way to mitigate CVE-2021-41435 if I cannot update my firmware?
If you cannot update your firmware, consider disabling remote access and using strong, unique passwords to mitigate the risks associated with CVE-2021-41435.
Who should be concerned about CVE-2021-41435?
Users of the affected ASUS routers should be concerned about CVE-2021-41435, especially if their devices are exposed to the internet.
- agent/references
- agent/type
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/asus
- canonical/asus rog rapture gt-ax11000 firmware
- canonical/asus gt-ax11000 firmware
- canonical/asus tuf gaming ax3000 v2 firmware
- canonical/asus routers
- canonical/asus rt-ax55 firmware
- canonical/asus rt-ax56u v2 firmware
- canonical/asus rt-ax56u firmware
- canonical/asus rt-ax58u firmware
- canonical/asus rt-ax82u firmware
- canonical/asus rt-ax82u gundam edition
- canonical/asus rt-ax86u zaku ii edition firmware
- canonical/asus rt-ax86
- canonical/asus rt-ax86s
- canonical/asus rt-ax86s firmware
- canonical/asus rt-ax86u zaku ii edition
- canonical/asus rt-ax88u firmware
- canonical/asus rt-ax92u firmware
- canonical/asus tuf gaming ax3000
- canonical/asus tuf gaming ax3000 firmware
- canonical/asus tuf gaming ax5400
- canonical/asus tuf-ax5400 firmware
- canonical/asus xd6 firmware
- canonical/asus zenwifi xd6 firmware
- canonical/asus zenwifi ax (xt8) firmware
- canonical/asus zenwifi ax (xt8)
- canonical/asus rt-ax68u
- canonical/asus rt-ax68u firmware