ASUS GT-AXE11000, RT-AX3000, RT-AX55, RT-AX58U, TUF-AX3000 - Improper Authentication
CVE-2021-37910

3.7LOW

Key Information:

Vendor: Asus
Status: Gt-axe11000; Rt-ax3000; Rt-ax55; Rt-ax58u
Vendor: CVE Published:; 12 November 2021

Badges

👾 Exploit Exists

What is CVE-2021-37910?

ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames.

Affected Version(s)

GT-AXE11000 < 3.0.0.4.386.45898

RT-AX3000 < 3.0.0.4.386.45898

RT-AX55 < 3.0.0.4.386.45898

References

https://www.twcert.org.tw/tw/cp-132-5259-22a26-1.html

x_refsource_MISC

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 27, 2022
👾
Exploit known to exist
May 27, 2022
Vulnerability published
Nov 12, 2021
Vulnerability Reserved
Aug 2, 2021

Asus

Badges

What is CVE-2021-37910?

Affected Version(s)

References

CVSS V3.1

Timeline