Vulnerability Details CVE-2021-41437
An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.2%
CVSS Severity
CVSS v3 Score 6.5
References
- https://github.com/efchatz/easy-exploits/tree/main/Web/ASUS/CVE-2021-41437
- https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-Gaming-Routers/RT-AX88U/HelpDesk_BIOS/
- https://github.com/efchatz/easy-exploits/tree/main/Web/ASUS/CVE-2021-41437
- https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-Gaming-Routers/RT-AX88U/HelpDesk_BIOS/
Products affected by CVE-2021-41437
-
cpe:2.3:h:asus:rt-ax88u:-
-
cpe:2.3:o:asus:rt-ax88u_firmware:-
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.4730
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.4736
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.5247
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.5329
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.5640
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.5951
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.384.6210
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.42095
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.42819
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.42820
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.44266
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.45375
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.45898
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.45934
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.46061
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.46065
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.48631
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.386.49674
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.388.20499
-
cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.388.20518