Excessive Traffic Issue in ASUS Routers During IPv6 Operations
CVE-2021-3128

7.5HIGH

Key Information:

Vendor
Asus
Status
Zenwifi Ax \(xt8\) Firmware
Vendor
CVE Published:
12 April 2021

Summary

Certain ASUS routers, specifically models RT-AX3000, ZenWiFi AX (XT8), and RT-AX88U among others, face a routing loop issue when utilizing IPv6. This defect, which occurs in firmware versions prior to 3.0.0.4.386.42095 or 9.0.0.4.386.41994, can lead to an excessive flow of network traffic. The condition is triggered when an IP routing setup erroneously points to a point-to-point link. When the device receives a router advertisement with a global IPv6 prefix marked as on-link, it can result in a continuous loop of data packets, overwhelming the connection between the affected router and the Internet Service Provider's router.

References

https://www.asus.com/Networking-IoT-Servers/WiFi-6/All-se...
x_refsource_MISC
https://www.asus.com/Networking-IoT-Servers/Whole-Home-Me...
x_refsource_MISC
https://www.asus.com/Networking-IoT-Servers/WiFi-6/All-se...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.