Search criteria
9 vulnerabilities found for RT-AX3000 by ASUS
VAR-202306-0752
Vulnerability from variot - Updated: 2025-01-05 22:56ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted ('http') connection, the user's session may be hijacked. ASUSTeK COMPUTER INC. This vulnerability information is reported directly to the product developer by the following person, and after coordination with the product developer, for the purpose of disseminating it to product users. JVN It was announced at
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202306-0752",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ax3000",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.388.23403"
},
{
"model": "asus \u30eb\u30fc\u30bf\u30fc rt-ax3000",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "asus \u30eb\u30fc\u30bf\u30fc rt-ax3000",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": "asus router rt-ax3000 firmware 3.0.0.4.388.23403 before that"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000048"
},
{
"db": "NVD",
"id": "CVE-2023-31195"
}
]
},
"cve": "CVE-2023-31195",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2023-000048",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2023-31195",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.7,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2023-000048",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-31195",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2023-31195",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2023-000048",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-202306-745",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000048"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-745"
},
{
"db": "NVD",
"id": "CVE-2023-31195"
},
{
"db": "NVD",
"id": "CVE-2023-31195"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without \u0027Secure\u0027 attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted (\u0027http\u0027) connection, the user\u0027s session may be hijacked. ASUSTeK COMPUTER INC. This vulnerability information is reported directly to the product developer by the following person, and after coordination with the product developer, for the purpose of disseminating it to product users. JVN It was announced at",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-31195"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000048"
},
{
"db": "VULMON",
"id": "CVE-2023-31195"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-31195",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVN34232595",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000048",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-202306-745",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-31195",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-31195"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000048"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-745"
},
{
"db": "NVD",
"id": "CVE-2023-31195"
}
]
},
"id": "VAR-202306-0752",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3125
},
"last_update_date": "2025-01-05T22:56:13.514000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RT-AX3000 series (RT-AX3000/RT-AX3000\u00a0V2)",
"trust": 0.8,
"url": "https://www.asus.com/jp/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax3000/helpdesk_bios/?model2Name=RT-AX3000"
},
{
"title": "ASUS RT-AX3000 Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=242487"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000048"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-745"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [IPA evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000048"
},
{
"db": "NVD",
"id": "CVE-2023-31195"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax3000/helpdesk_bios/?model2name=rt-ax3000"
},
{
"trust": 1.7,
"url": "https://jvn.jp/en/jp/jvn34232595/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn34232595/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-31195"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-31195/"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-000048.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-31195"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000048"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-745"
},
{
"db": "NVD",
"id": "CVE-2023-31195"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-31195"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000048"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-745"
},
{
"db": "NVD",
"id": "CVE-2023-31195"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-31195"
},
{
"date": "2023-06-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-000048"
},
{
"date": "2023-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-745"
},
{
"date": "2023-06-13T10:15:10.410000",
"db": "NVD",
"id": "CVE-2023-31195"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-31195"
},
{
"date": "2024-04-18T08:43:00",
"db": "JVNDB",
"id": "JVNDB-2023-000048"
},
{
"date": "2023-06-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-745"
},
{
"date": "2025-01-03T20:15:25.963000",
"db": "NVD",
"id": "CVE-2023-31195"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-745"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS\u00a0 router \u00a0RT-AX3000\u00a0 In \u00a0Secure\u00a0 without attributes \u00a0Cookie\u00a0 Usage vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000048"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-745"
}
],
"trust": 0.6
}
}
VAR-202104-1666
Vulnerability from variot - Updated: 2024-11-23 22:47In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-1666",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ax55",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ax3000",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ax58u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac85u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac1750 b1",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac88u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac68u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac5300",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac66u b1",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac1900",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac68p",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac3100",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ax82u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac1900u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "zenwifi ax \\",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ax88u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ax86u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac68w",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ax55",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac1900p",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ax58u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac2900",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac58u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac85u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac88u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ax68u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac68rw",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac1750 b1",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac86u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac66u b1",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ax56u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac65u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac68r",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ax3000",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac68p",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac3100",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac68w",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac68u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ax88u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac5300",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac1900",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac1900p",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac2900",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac58u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ax68u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac68rw",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ax82u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ac68r",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac86u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "zenwifi ax \\",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ax56u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac65u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "9.0.0.4.386.41994"
},
{
"model": "rt-ac1900u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
},
{
"model": "rt-ax86u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.42095"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3128"
}
]
},
"cve": "CVE-2021-3128",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-3128",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-3128",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-3128",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-652",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-3128",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-3128"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-652"
},
{
"db": "NVD",
"id": "CVE-2021-3128"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware \u003c 3.0.0.4.386.42095 or \u003c 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP\u0027s router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3128"
},
{
"db": "VULMON",
"id": "CVE-2021-3128"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-3128",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202104-652",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-3128",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-3128"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-652"
},
{
"db": "NVD",
"id": "CVE-2021-3128"
}
]
},
"id": "VAR-202104-1666",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5126495055
},
"last_update_date": "2024-11-23T22:47:39.136000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ASUS router Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147226"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-652"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-834",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3128"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac3100/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-6/all-series/rt-ax55/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac1900p/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-6/all-series/rt-ax88u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac68rw/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac65u/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/whole-home-mesh-wifi-system/zenwifi-wifi-systems/asus-zenwifi-ax-xt8-/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-6/all-series/rt-ax82u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac2900/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac1900u/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac1900/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-6/all-series/rt-ax86u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac58u/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-6/all-series/rt-ax58u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac86u/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac1750_b1/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-6/all-series/rt-ax3000/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ac66u-b1/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-6/all-series/rt-ax68u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac88u/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-6/all-series/rt-ax56u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac5300/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac68w/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac68p/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac68u/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac68r/helpdesk_download/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/supportonly/rt-ac85u/helpdesk_download/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3128"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/834.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-3128"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-652"
},
{
"db": "NVD",
"id": "CVE-2021-3128"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-3128"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-652"
},
{
"db": "NVD",
"id": "CVE-2021-3128"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-12T00:00:00",
"db": "VULMON",
"id": "CVE-2021-3128"
},
{
"date": "2021-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-652"
},
{
"date": "2021-04-12T19:15:14.830000",
"db": "NVD",
"id": "CVE-2021-3128"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-3128"
},
{
"date": "2021-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-652"
},
{
"date": "2024-11-21T06:20:56.883000",
"db": "NVD",
"id": "CVE-2021-3128"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-652"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT-AX3000 Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-652"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-652"
}
],
"trust": 0.6
}
}
VAR-202111-1223
Vulnerability from variot - Updated: 2024-11-23 22:33An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet. plural ASUS The product has HTTP There is a vulnerability related to request smuggling.Service operation interruption (DoS) It may be in a state. ASUS routers is a router from ASUS, Taiwan, China.
ASUS routers has a security vulnerability. The vulnerability stems from a problem with the router firmware verifying HTTP data packets. Unauthenticated remote attackers can use this vulnerability to perform denial of service attacks by sending specially crafted HTTP data packets
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202111-1223",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ax3000",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax88u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "tuf gaming ax3000",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax58u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax86s",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "zenwifi ax \\",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax82u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax56u v2",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax92u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax86u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax86u zaku ii edition",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "zenwifi xd6",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax56u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax68u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45911"
},
{
"model": "gt-ax11000",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "tuf-ax5400",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax82u gundam edition",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax55",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax58u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax56u v2",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax82u gundam edition",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax55",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax86u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax3000",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax56u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax82u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax86s",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "gt-ax11000",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "routers",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-99877"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015289"
},
{
"db": "NVD",
"id": "CVE-2021-41436"
}
]
},
"cve": "CVE-2021-41436",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-41436",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-99877",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-41436",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-41436",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-41436",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-41436",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-99877",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-1643",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-41436",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-99877"
},
{
"db": "VULMON",
"id": "CVE-2021-41436"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015289"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1643"
},
{
"db": "NVD",
"id": "CVE-2021-41436"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet. plural ASUS The product has HTTP There is a vulnerability related to request smuggling.Service operation interruption (DoS) It may be in a state. ASUS routers is a router from ASUS, Taiwan, China. \n\r\n\r\nASUS routers has a security vulnerability. The vulnerability stems from a problem with the router firmware verifying HTTP data packets. Unauthenticated remote attackers can use this vulnerability to perform denial of service attacks by sending specially crafted HTTP data packets",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-41436"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015289"
},
{
"db": "CNVD",
"id": "CNVD-2021-99877"
},
{
"db": "VULMON",
"id": "CVE-2021-41436"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-41436",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015289",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-99877",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1643",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-41436",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-99877"
},
{
"db": "VULMON",
"id": "CVE-2021-41436"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015289"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1643"
},
{
"db": "NVD",
"id": "CVE-2021-41436"
}
]
},
"id": "VAR-202111-1223",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-99877"
}
],
"trust": 1.09064731125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-99877"
}
]
},
"last_update_date": "2024-11-23T22:33:00.034000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RT-AX68U ASUS",
"trust": 0.8,
"url": "https://www.asus.com/jp/"
},
{
"title": "Patch for ASUS routers environmental issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/305656"
},
{
"title": "ASUS routers Remediation measures for environmental problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=171131"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/efchatz/easy-exploits "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-99877"
},
{
"db": "VULMON",
"id": "CVE-2021-41436"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015289"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1643"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-444",
"trust": 1.0
},
{
"problemtype": "HTTP Request Smuggling (CWE-444) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015289"
},
{
"db": "NVD",
"id": "CVE-2021-41436"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41436"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax56u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax3000/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/whole-home-mesh-wifi-system/zenwifi-wifi-systems/asus-zenwifi-ax-xt8-/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-routers/all-series/rt-ax55/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "http://asus.com"
},
{
"trust": 1.7,
"url": "https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax68u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/whole-home-mesh-wifi-system/zenwifi-wifi-systems/asus-zenwifi-xd6/helpdesk_bios/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/444.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/efchatz/easy-exploits"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-99877"
},
{
"db": "VULMON",
"id": "CVE-2021-41436"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015289"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1643"
},
{
"db": "NVD",
"id": "CVE-2021-41436"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-99877"
},
{
"db": "VULMON",
"id": "CVE-2021-41436"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015289"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1643"
},
{
"db": "NVD",
"id": "CVE-2021-41436"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-99877"
},
{
"date": "2021-11-19T00:00:00",
"db": "VULMON",
"id": "CVE-2021-41436"
},
{
"date": "2022-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-015289"
},
{
"date": "2021-11-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-1643"
},
{
"date": "2021-11-19T12:15:09.390000",
"db": "NVD",
"id": "CVE-2021-41436"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-99877"
},
{
"date": "2021-11-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-41436"
},
{
"date": "2022-11-15T07:17:00",
"db": "JVNDB",
"id": "JVNDB-2021-015289"
},
{
"date": "2021-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-1643"
},
{
"date": "2024-11-21T06:26:15.047000",
"db": "NVD",
"id": "CVE-2021-41436"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-1643"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0ASUS\u00a0 In the product \u00a0HTTP\u00a0 Request Smuggling Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015289"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "environmental issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-1643"
}
],
"trust": 0.6
}
}
VAR-202111-1224
Vulnerability from variot - Updated: 2024-11-23 22:29A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request. plural ASUS The product contains an improper restriction of excessive authentication attempts vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202111-1224",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ax3000",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax88u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "tuf gaming ax3000",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax58u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax86s",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "zenwifi ax \\",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax82u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax56u v2",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax92u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax86u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax86u zaku ii edition",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "zenwifi xd6",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax56u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax68u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45911"
},
{
"model": "gt-ax11000",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "tuf-ax5400",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax82u gundam edition",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax55",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax58u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax56u v2",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax82u gundam edition",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax55",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax86u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax3000",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax56u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax82u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax86s",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "gt-ax11000",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015290"
},
{
"db": "NVD",
"id": "CVE-2021-41435"
}
]
},
"cve": "CVE-2021-41435",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-41435",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-41435",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-41435",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-41435",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-41435",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-1641",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-41435",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-41435"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015290"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1641"
},
{
"db": "NVD",
"id": "CVE-2021-41435"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request. plural ASUS The product contains an improper restriction of excessive authentication attempts vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-41435"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015290"
},
{
"db": "VULMON",
"id": "CVE-2021-41435"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-41435",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015290",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1641",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-41435",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-41435"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015290"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1641"
},
{
"db": "NVD",
"id": "CVE-2021-41435"
}
]
},
"id": "VAR-202111-1224",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4178826414285714
},
"last_update_date": "2024-11-23T22:29:11.173000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RT-AX68U ASUS",
"trust": 0.8,
"url": "https://www.asus.com/jp/"
},
{
"title": "ASUS routers Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=171129"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/efchatz/easy-exploits "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-41435"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015290"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1641"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-307",
"trust": 1.0
},
{
"problemtype": "Inappropriate limitation of excessive authentication attempts (CWE-307) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015290"
},
{
"db": "NVD",
"id": "CVE-2021-41435"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax56u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax3000/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/whole-home-mesh-wifi-system/zenwifi-wifi-systems/asus-zenwifi-ax-xt8-/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-routers/all-series/rt-ax55/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "http://asus.com"
},
{
"trust": 1.7,
"url": "https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax68u/helpdesk_bios/"
},
{
"trust": 1.7,
"url": "https://www.asus.com/networking-iot-servers/whole-home-mesh-wifi-system/zenwifi-wifi-systems/asus-zenwifi-xd6/helpdesk_bios/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41435"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/307.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/efchatz/easy-exploits"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-41435"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015290"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1641"
},
{
"db": "NVD",
"id": "CVE-2021-41435"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-41435"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-015290"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1641"
},
{
"db": "NVD",
"id": "CVE-2021-41435"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-19T00:00:00",
"db": "VULMON",
"id": "CVE-2021-41435"
},
{
"date": "2022-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-015290"
},
{
"date": "2021-11-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-1641"
},
{
"date": "2021-11-19T12:15:09.330000",
"db": "NVD",
"id": "CVE-2021-41435"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-41435"
},
{
"date": "2022-11-15T07:22:00",
"db": "JVNDB",
"id": "JVNDB-2021-015290"
},
{
"date": "2021-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-1641"
},
{
"date": "2024-11-21T06:26:14.863000",
"db": "NVD",
"id": "CVE-2021-41435"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-1641"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0ASUS\u00a0 Product Improper Limitation of Excessive Authentication Attempts Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-015290"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-1641"
}
],
"trust": 0.6
}
}
VAR-202102-1432
Vulnerability from variot - Updated: 2024-11-23 22:11Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.384_10177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error. ASUSWRT ASUS RT-AX3000 There is an unspecified vulnerability in the firmware.Denial of service (DoS) It may be put into a state. ASUS RT-AX3000 is a piece of firmware from ASUS, Taiwan, China that runs in its routers
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1432",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ax3000",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.384_10177"
},
{
"model": "rt-ax3000",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax3000",
"scope": "lte",
"trust": 0.8,
"vendor": "asustek computer",
"version": "rt-ax3000 firmware 3.0.0.4.384_10177 and earlier"
},
{
"model": "rt-ax3000",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax3000 \u003c=3.0.0.4.384 10177",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-73652"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003388"
},
{
"db": "NVD",
"id": "CVE-2021-3229"
}
]
},
"cve": "CVE-2021-3229",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-3229",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-73652",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-3229",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-3229",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-3229",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-3229",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-73652",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-552",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-3229",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-73652"
},
{
"db": "VULMON",
"id": "CVE-2021-3229"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003388"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-552"
},
{
"db": "NVD",
"id": "CVE-2021-3229"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.384_10177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error. ASUSWRT ASUS RT-AX3000 There is an unspecified vulnerability in the firmware.Denial of service (DoS) It may be put into a state. ASUS RT-AX3000 is a piece of firmware from ASUS, Taiwan, China that runs in its routers",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3229"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003388"
},
{
"db": "CNVD",
"id": "CNVD-2021-73652"
},
{
"db": "VULMON",
"id": "CVE-2021-3229"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-3229",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003388",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-73652",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-552",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-3229",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-73652"
},
{
"db": "VULMON",
"id": "CVE-2021-3229"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003388"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-552"
},
{
"db": "NVD",
"id": "CVE-2021-3229"
}
]
},
"id": "VAR-202102-1432",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-73652"
}
],
"trust": 1.25625
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-73652"
}
]
},
"last_update_date": "2024-11-23T22:11:06.553000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ASUSWRT\u00a0Software\u00a0Features ASUS",
"trust": 0.8,
"url": "https://dlcdnimgs.asus.com/websites/global/productcustomizedTab/562/ASUSWRT%20portal%20feature.pdf"
},
{
"title": "Patch for ASUS RT-AX3000 Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/292891"
},
{
"title": "ASUSWRT ASUS RT-AX3000 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=141723"
},
{
"title": "PoC",
"trust": 0.1,
"url": "https://github.com/Jonathan-Elias/PoC "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000S/PoC-in-GitHub "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-73652"
},
{
"db": "VULMON",
"id": "CVE-2021-3229"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003388"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-552"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003388"
},
{
"db": "NVD",
"id": "CVE-2021-3229"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/fullbbadda1208/cve-2021-3229"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3229"
},
{
"trust": 1.7,
"url": "https://dlcdnimgs.asus.com/websites/global/productcustomizedtab/562/asuswrt%20portal%20feature.pdf"
},
{
"trust": 1.7,
"url": "https://www.asus.com/us/asuswrt/"
},
{
"trust": 0.6,
"url": "https://github.com/fullbbadda1208/asuswrt-denial_of_service/blob/master/vulnerability%20report.md"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/jonathan-elias/poc"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-73652"
},
{
"db": "VULMON",
"id": "CVE-2021-3229"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003388"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-552"
},
{
"db": "NVD",
"id": "CVE-2021-3229"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-73652"
},
{
"db": "VULMON",
"id": "CVE-2021-3229"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003388"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-552"
},
{
"db": "NVD",
"id": "CVE-2021-3229"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-73652"
},
{
"date": "2021-02-05T00:00:00",
"db": "VULMON",
"id": "CVE-2021-3229"
},
{
"date": "2021-10-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003388"
},
{
"date": "2021-02-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-552"
},
{
"date": "2021-02-05T22:15:13.830000",
"db": "NVD",
"id": "CVE-2021-3229"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-73652"
},
{
"date": "2021-02-10T00:00:00",
"db": "VULMON",
"id": "CVE-2021-3229"
},
{
"date": "2021-10-26T05:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-003388"
},
{
"date": "2021-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-552"
},
{
"date": "2024-11-21T06:21:08.920000",
"db": "NVD",
"id": "CVE-2021-3229"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-552"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUSWRT\u00a0ASUS\u00a0RT-AX3000\u00a0 Firmware vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003388"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-552"
}
],
"trust": 0.6
}
}
VAR-202207-0160
Vulnerability from variot - Updated: 2024-08-14 15:27ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device. ASUS RT-A88U is a wireless router from ASUS (ASUS) in Taiwan
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0160",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zenwifi xd4s",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi ac mini",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac58u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax86u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac87u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-acrh13",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n12vp b1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac66r",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac2400",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi pro et12",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac5300",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n12e c1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac55u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac68uf",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi xd6",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1300g\\+",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac2200",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac66u\\+",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac56s",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax82u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1300uhp",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n12hp b1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac85u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1200g",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "tuf gaming ax3000 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac55uhp",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1750 b1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n14uhp",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac68u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac3100",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi pro xt12",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac51u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi et8",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax92u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac66w",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax68u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax58u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax55",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac3200",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi xt9",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rog rapture gt-ac5300",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1750",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac68r",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax3000",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rog rapture gt-ax11000",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax89x",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi xd5",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi ax hybrid",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac52u b1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1900",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n12\\+ b1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1200g\\+",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n66w",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi ax mini",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1200e",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac2900",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac53",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac85p",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n19",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac68w",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1200gu",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax56u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac51u\\+",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ax88u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n12d1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n66u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac65p",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1900u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi ax",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "4g-ac68u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "zenwifi ac",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac57u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n18u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac68p",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac86u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac65u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac66u b1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "4g-ac53u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac2600",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac87r",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-acrh17",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "tuf gaming ax5400",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n66r",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n12e b1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rog rapture gt-ac2900",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1200hp",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1900p",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac56r",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac88u",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-ac1200",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-n66c1",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.46061"
},
{
"model": "rt-a88u 3.0.0.4.386 45898",
"scope": null,
"trust": 0.6,
"vendor": "asus",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"db": "NVD",
"id": "CVE-2021-43702"
}
]
},
"cve": "CVE-2021-43702",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2021-43702",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2022-58229",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2021-43702",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-43702",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2022-58229",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-389",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-43702",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"db": "VULMON",
"id": "CVE-2021-43702"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-389"
},
{
"db": "NVD",
"id": "CVE-2021-43702"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device. ASUS RT-A88U is a wireless router from ASUS (ASUS) in Taiwan",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-43702"
},
{
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"db": "VULMON",
"id": "CVE-2021-43702"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-43702",
"trust": 2.3
},
{
"db": "CNVD",
"id": "CNVD-2022-58229",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202207-389",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-43702",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"db": "VULMON",
"id": "CVE-2021-43702"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-389"
},
{
"db": "NVD",
"id": "CVE-2021-43702"
}
]
},
"id": "VAR-202207-0160",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
}
],
"trust": 1.2372652696875
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
}
]
},
"last_update_date": "2024-08-14T15:27:14.485000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for ASUS RT-A88U Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/345646"
},
{
"title": "ASUS RT-A88U Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200692"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-389"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-43702"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.kroll.com/en/insights/publications/cyber/cve-2021-43702-from-discovery-to-patch"
},
{
"trust": 1.7,
"url": "https://www.asus.com/uk/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ac88u/"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-43702/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"db": "VULMON",
"id": "CVE-2021-43702"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-389"
},
{
"db": "NVD",
"id": "CVE-2021-43702"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"db": "VULMON",
"id": "CVE-2021-43702"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-389"
},
{
"db": "NVD",
"id": "CVE-2021-43702"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"date": "2022-07-05T00:00:00",
"db": "VULMON",
"id": "CVE-2021-43702"
},
{
"date": "2022-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-389"
},
{
"date": "2022-07-05T12:15:07.830000",
"db": "NVD",
"id": "CVE-2021-43702"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"date": "2022-07-18T00:00:00",
"db": "VULMON",
"id": "CVE-2021-43702"
},
{
"date": "2022-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-389"
},
{
"date": "2022-07-18T15:27:57.557000",
"db": "NVD",
"id": "CVE-2021-43702"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-389"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT-A88U Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-58229"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-389"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-389"
}
],
"trust": 0.6
}
}
VAR-202111-0625
Vulnerability from variot - Updated: 2024-08-14 14:55ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames. plural ASUS Router product firmware contains a vulnerability related to interaction frequency control.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202111-0625",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-ax55",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax3000",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "gt-axe11000",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "tuf-ax3000",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax58u",
"scope": "lt",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.4.386.45898"
},
{
"model": "rt-ax58u",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "tuf-ax3000",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax55",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "gt-axe11000",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-ax3000",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014873"
},
{
"db": "NVD",
"id": "CVE-2021-37910"
}
]
},
"cve": "CVE-2021-37910",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-37910",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-37910",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "twcert@cert.org.tw",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2021-37910",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-37910",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-37910",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "twcert@cert.org.tw",
"id": "CVE-2021-37910",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2021-37910",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-1140",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-37910",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-37910"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014873"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1140"
},
{
"db": "NVD",
"id": "CVE-2021-37910"
},
{
"db": "NVD",
"id": "CVE-2021-37910"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users\u0027 connections by sending specially crafted SAE authentication frames. plural ASUS Router product firmware contains a vulnerability related to interaction frequency control.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-37910"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014873"
},
{
"db": "VULMON",
"id": "CVE-2021-37910"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-37910",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014873",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1140",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-37910",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-37910"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014873"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1140"
},
{
"db": "NVD",
"id": "CVE-2021-37910"
}
]
},
"id": "VAR-202111-0625",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.40625
},
"last_update_date": "2024-08-14T14:55:45.698000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "top page",
"trust": 0.8,
"url": "https://www.asus.com/jp/"
},
{
"title": "ASUS routers Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170946"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/efchatz/easy-exploits "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-37910"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014873"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1140"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-799",
"trust": 1.0
},
{
"problemtype": "Improper control of interaction frequency (CWE-799) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014873"
},
{
"db": "NVD",
"id": "CVE-2021-37910"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.twcert.org.tw/tw/cp-132-5259-22a26-1.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37910"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/799.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/efchatz/easy-exploits"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-37910"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014873"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1140"
},
{
"db": "NVD",
"id": "CVE-2021-37910"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-37910"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014873"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1140"
},
{
"db": "NVD",
"id": "CVE-2021-37910"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-12T00:00:00",
"db": "VULMON",
"id": "CVE-2021-37910"
},
{
"date": "2022-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-014873"
},
{
"date": "2021-11-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-1140"
},
{
"date": "2021-11-12T02:15:06.640000",
"db": "NVD",
"id": "CVE-2021-37910"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-17T00:00:00",
"db": "VULMON",
"id": "CVE-2021-37910"
},
{
"date": "2022-10-31T05:44:00",
"db": "JVNDB",
"id": "JVNDB-2021-014873"
},
{
"date": "2021-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-1140"
},
{
"date": "2021-11-17T16:20:51.950000",
"db": "NVD",
"id": "CVE-2021-37910"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-1140"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0ASUS\u00a0 Vulnerability related to interaction frequency control in router product firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014873"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-1140"
}
],
"trust": 0.6
}
}
CVE-2024-0401 (GCVE-0-2024-0401)
Vulnerability from nvd – Published: 2024-05-20 16:55 – Updated: 2025-11-22 12:25
VLAI?
Title
ASUS OVPN RCE
Summary
ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ASUS | ExpertWiFi |
Affected:
0 , < 3.0.0.6.102_44544
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Jacob Baines
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:asus:rt-ax58u:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax58u",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24762",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac67u:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac67u",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac68r:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac68r",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:asus:expertwifi:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "expertwifi",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.6.102_44544",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ax55:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax55",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_52303",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac68u:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac68u",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ax86_series:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax86_series",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24243",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac86u:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac86u",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51925",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac88u:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac88u",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24209",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ax3000:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax3000",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24762",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac68p:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac68p",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac1900:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac1900",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac1900u:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac1900u",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac2900:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac2900",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51925",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:zenwifi_xt8:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zenwifi_xt8",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24621",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T14:51:52.209755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:58:40.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vulncheck.com/advisories/asus-ovpn-rce"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ExpertWiFi",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.6.102_44544",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX55",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386_52303",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX58U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.388_24762",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AC67U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AC68R",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AC68U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX86 Series",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.388_24243",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AC86U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386_51925",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX88U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.388_24209",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX3000",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.388_24762",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax55:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.386_52303",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax58u:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.388_24762",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:4g-ac68u:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.386_51685",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ac68r:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.386_51685",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ac68u:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.386_51685",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ac86u:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.386_51925",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax88u:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.388_24209",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax3000:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.388_24762",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jacob Baines"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-22T12:25:40.045Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/asus-ovpn-rce"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply the vendor provided firmware update.\u003cbr\u003e"
}
],
"value": "Apply the vendor provided firmware update."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ASUS OVPN RCE",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-0401",
"datePublished": "2024-05-20T16:55:18.891Z",
"dateReserved": "2024-01-10T15:27:41.121Z",
"dateUpdated": "2025-11-22T12:25:40.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0401 (GCVE-0-2024-0401)
Vulnerability from cvelistv5 – Published: 2024-05-20 16:55 – Updated: 2025-11-22 12:25
VLAI?
Title
ASUS OVPN RCE
Summary
ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ASUS | ExpertWiFi |
Affected:
0 , < 3.0.0.6.102_44544
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Jacob Baines
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:asus:rt-ax58u:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax58u",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24762",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac67u:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac67u",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac68r:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac68r",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:asus:expertwifi:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "expertwifi",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.6.102_44544",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ax55:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax55",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_52303",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac68u:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac68u",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ax86_series:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax86_series",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24243",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac86u:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac86u",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51925",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac88u:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac88u",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24209",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ax3000:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ax3000",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24762",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac68p:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac68p",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac1900:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac1900",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac1900u:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac1900u",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:rt-ac2900:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rt-ac2900",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.386_51925",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:zenwifi_xt8:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zenwifi_xt8",
"vendor": "asus",
"versions": [
{
"lessThan": "3.0.0.4.388_24621",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T14:51:52.209755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:58:40.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vulncheck.com/advisories/asus-ovpn-rce"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ExpertWiFi",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.6.102_44544",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX55",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386_52303",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX58U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.388_24762",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AC67U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AC68R",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AC68U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386_51685",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX86 Series",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.388_24243",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AC86U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.386_51925",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX88U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.388_24209",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RT-AX3000",
"vendor": "ASUS",
"versions": [
{
"lessThan": "3.0.0.4.388_24762",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax55:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.386_52303",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax58u:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.388_24762",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:4g-ac68u:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.386_51685",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ac68r:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.386_51685",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ac68u:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.386_51685",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ac86u:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.386_51925",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax88u:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.388_24209",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rt-ax3000:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.388_24762",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jacob Baines"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-22T12:25:40.045Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/asus-ovpn-rce"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply the vendor provided firmware update.\u003cbr\u003e"
}
],
"value": "Apply the vendor provided firmware update."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ASUS OVPN RCE",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-0401",
"datePublished": "2024-05-20T16:55:18.891Z",
"dateReserved": "2024-01-10T15:27:41.121Z",
"dateUpdated": "2025-11-22T12:25:40.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}