{"id": "CVE-2021-41435", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-11-19T12:15:09.330", "references": [{"url": "http://asus.com", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX68U/HelpDesk_BIOS/", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpDesk_BIOS/", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://asus.com", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios", "tags": ["Product", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS/", "tags": ["Product", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS/", "tags": ["Product", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS/", "tags": ["Product", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/", "tags": ["Product", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX68U/HelpDesk_BIOS/", "tags": ["Product", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/All-series/RT-AX55/HelpDesk_BIOS/", "tags": ["Product", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-307"}]}], "descriptions": [{"lang": "en", "value": "A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request."}, {"lang": "es", "value": "Una omisi\u00f3n de protecci\u00f3n por fuerza bruta en la protecci\u00f3n CAPTCHA en ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) versiones anteriores a 3.0.4.386. 0.0.4.386.45898, y RT-AX68U versiones anteriores a 3.0.0.4.386.45911, permite a un atacante remoto intentar cualquier n\u00famero de intentos de inicio de sesi\u00f3n por medio del env\u00edo de una petici\u00f3n HTTP espec\u00edfica"}], "lastModified": "2024-11-21T06:26:14.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:gt-ax11000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5B16842-6E75-42F9-BED2-37966FB900FF", "versionEndExcluding": "3.0.0.4.386.45898"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:gt-ax11000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CC02F598-C10E-4C77-9BE9-CB3660893C5E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax3000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "604BBFB4-FF96-46F9-B407-C3D9CBE73BE8", "versionEndExcluding": "3.0.0.4.386.45898"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1515AF83-732F-489B-A25C-5D67A03A3B25"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax55_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0BBE7AA-081C-48A7-AAC1-481538AEFECA", "versionEndExcluding": "3.0.0.4.386.45898"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax55:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B8F27D4F-EDC4-4676-8C66-545378850BF1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax56u_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36430A0B-7A71-4FB2-9159-6EE9C8B7DADE", "versionEndExcluding": "3.0.0.4.386.45898"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4D747097-702E-4046-9723-01A586336534"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax56u_v2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B24819D6-17F8-4ABD-8F85-DBB1C559759D", "versionEndExcluding": "3.0.0.4.386.45898"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax56u_v2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FFFF5EF7-E4EC-4DA0-82B4-9996087B951F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax58u_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD025F49-2590-4E99-9D63-9A5A28BF4B1F", "versionEndExcluding": "3.0.0.4.386.45898"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax58u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "855509B2-CE29-4A04-B412-C160139EA392"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax82u_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88B9EE48-348F-4358-B89B-35F111466254", "versionEndExcluding": "3.0.0.4.386.45898"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax82u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8D118305-CAFD-425F-8352-3B241D2E7702"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax82u_gundam_edition_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0364A944-662E-4074-AA9A-3ACAB7A79888", "versionEndExcluding": "3.0.0.4.386.45898"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax82u_gundam_edition:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "23A62A40-F182-48D2-B6BA-B39632A5E92A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax82u_gundam_edition_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0364A944-662E-4074-AA9A-3ACAB7A79888", "versionEndExcluding": "3.0.0.4.386.45898"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax82u_gundam_edition:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "23A62A40-F182-48D2-B6BA-B39632A5E92A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax86u_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D136BA5-1B89-4B27-81E6-A5ED861DF21D", "versionEndExcluding": "3.0.0.4.386.45898"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax86u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AB28700C-02EB-46D0-9BAD-833CE4790264"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax86s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44ED1540-9D3B-4E1E-867C-B639D7903B02", "versionEndExcluding": "3.0.0.4.386.45898"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax86s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B2FC13C9-ADF3-4ED7-BDE2-FEAEC6248BDB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax86u_zaku_ii_edition_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57AB9331-9565-42AC-B5C4-CE8A4849E285", "versionEndExcluding": "3.0.0.4.386.45898"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax86u_zaku_ii_edition:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "57414ED4-B1E2-475D-9678-A0675439A80C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax88u_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "781AB112-C281-4660-B494-36DBB84AF690", "versionEndExcluding": "3.0.0.4.386.45898"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BB91E047-5AE1-4CA0-9E67-84170D79770C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax92u_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FB2DBB8-8782-418E-8CEB-0041694517F6", "versionEndExcluding": "3.0.0.4.386.45898"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax92u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8EB70155-390A-472E-A0AA-59A18ADD2BF5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:tuf_gaming_ax3000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5D4B2F3-C4BC-4B68-9D67-261B9EFAA11A", "versionEndExcluding": "3.0.0.4.386.45898"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:tuf_gaming_ax3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AF2B2BEB-574D-4D02-B15E-1A6B737B06C1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:tuf-ax5400_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3B3959B-D5FC-4AC1-A8A9-544747178417", "versionEndExcluding": "3.0.0.4.386.45898"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:tuf-ax5400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0819A22E-2913-4C13-A67D-6130E10544BE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:zenwifi_xd6_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53F49747-32C4-4B4C-B9C6-90D3948ADABE", "versionEndExcluding": "3.0.0.4.386.45898"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:zenwifi_xd6:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6CEAB3EB-28B7-4FB8-9ECA-3A671B51A776"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:zenwifi_ax_\\(xt8\\)_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24F0C238-58D9-4721-A8B5-CA8C6F8CE445", "versionEndExcluding": "3.0.0.4.386.45898"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:zenwifi_ax_\\(xt8\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6B7599D8-8837-41B3-B25A-002B2E2147DA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax68u_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A896450-3FC2-4386-8157-4B1CB2DCA66D", "versionEndExcluding": "3.0.0.4.386.45911"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax68u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7E27ED92-86BD-4FDB-A7AF-D308AA4A14DC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}