CVE-2021-32030

9.8CRITICAL

Key Information

Vendor: Asus
Status: Gt-ac2900 Firmware
Vendor: CVE Published:; 6 May 2021

Summary

The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_request in router/httpd/httpd.c and auth_check in web_hook.o. An attacker-supplied value of '\0' matches the device's default value of '\0' in some situations.

EPSS Score

52% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
May 6, 2021
Vulnerability Reserved.
May 5, 2021

Collectors

NVD DatabaseMitre Database