HTTP Request Smuggling Vulnerability in ASUS Wi-Fi Routers and ZenWiFi Systems
CVE-2021-41436

7.5HIGH

Key Information:

Vendor: Asus
Status: Gt-ax11000 Firmware
Vendor: CVE Published:; 19 November 2021

What is CVE-2021-41436?

A vulnerability exists in multiple ASUS Wi-Fi routers and ZenWiFi systems that allows remote unauthenticated attackers to exploit HTTP request smuggling techniques. This could lead to a denial-of-service (DoS) condition by sending specially crafted HTTP packets, potentially disrupting the operation of affected devices. Users are advised to apply the latest firmware updates to mitigate this issue.

References

http://asus.com

x_refsource_MISC

https://www.asus.com/Networking-IoT-Servers/Whole-Home-Me...

x_refsource_MISC

https://rog.asus.com/networking/rog-rapture-gt-ax11000-mo...

x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 19, 2021
Vulnerability Reserved
Sep 20, 2021

Asus

What is CVE-2021-41436?

References

EPSS Score

CVSS V3.1

Timeline