CVE & CISA-KEV Catalog

CVE-2021-41436

Severity: HIGH
CVSS v3: 7.5 (NVD)
EPSS: 90th percentile

Description

An HTTP request smuggling vulnerability in the web application of ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series (RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to cause a denial of service (DoS) by sending a specially crafted HTTP packet.

How to fix

Remediation Available

All entries below are for CVE-2021-41436 and are derived from NVD.

gt-ax11000 firmware: Affected: < 3.0.0.4.386.45898; Fixed in: 3.0.0.4.386.45898
rt-ax3000 firmware: Affected: < 3.0.0.4.386.45898; Fixed in: 3.0.0.4.386.45898
rt-ax55 firmware: Affected: < 3.0.0.4.386.45898; Fixed in: 3.0.0.4.386.45898
rt-ax56u firmware: Affected: < 3.0.0.4.386.45898; Fixed in: 3.0.0.4.386.45898
rt-ax56u v2 firmware: Affected: < 3.0.0.4.386.45898; Fixed in: 3.0.0.4.386.45898
rt-ax58u firmware: Affected: < 3.0.0.4.386.45898; Fixed in: 3.0.0.4.386.45898
rt-ax68u firmware: Affected: < 3.0.0.4.386.45911; Fixed in: 3.0.0.4.386.45911
rt-ax82u firmware: Affected: < 3.0.0.4.386.45898; Fixed in: 3.0.0.4.386.45898
rt-ax82u gundam edition firmware: Affected: < 3.0.0.4.386.45898; Fixed in: 3.0.0.4.386.45898
rt-ax86s firmware: Affected: < 3.0.0.4.386.45898; Fixed in: 3.0.0.4.386.45898
rt-ax86u firmware: Affected: < 3.0.0.4.386.45898; Fixed in: 3.0.0.4.386.45898
rt-ax86u zaku ii edition firmware: Affected: < 3.0.0.4.386.45898; Fixed in: 3.0.0.4.386.45898
rt-ax88u firmware: Affected: < 3.0.0.4.386.45898; Fixed in: 3.0.0.4.386.45898
rt-ax92u firmware: Affected: < 3.0.0.4.386.45898; Fixed in: 3.0.0.4.386.45898
tuf-ax5400 firmware: Affected: < 3.0.0.4.386.45898; Fixed in: 3.0.0.4.386.45898
tuf gaming ax3000 firmware: Affected: < 3.0.0.4.386.45898; Fixed in: 3.0.0.4.386.45898
zenwifi ax (xt8) firmware: Affected: < 3.0.0.4.386.45898; Fixed in: 3.0.0.4.386.45898
zenwifi xd6 firmware: Affected: < 3.0.0.4.386.45898; Fixed in: 3.0.0.4.386.45898

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Impact

Confidentiality: None
Integrity: None
Availability: High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

4.57% probability of exploitation in 30 days
90th percentile

High risk: more likely to be exploited than 90% of all known CVEs.


This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.