{"containers": {"cna": {"affected": [{"product": "GT-AXE11000", "vendor": "ASUS", "versions": [{"lessThan": "3.0.0.4.386.45898", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "RT-AX3000", "vendor": "ASUS", "versions": [{"lessThan": "3.0.0.4.386.45898", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "RT-AX55", "vendor": "ASUS", "versions": [{"lessThan": "3.0.0.4.386.45898", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "RT-AX58U", "vendor": "ASUS", "versions": [{"lessThan": "3.0.0.4.386.45898", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "TUF-AX3000", "vendor": "ASUS", "versions": [{"lessThan": "3.0.0.4.386.45898", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-11-12T00:00:00", "descriptions": [{"lang": "en", "value": "ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-799", "description": "CWE-799 Improper Control of Interaction Frequency", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-11-12T01:40:13", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.twcert.org.tw/tw/cp-132-5259-22a26-1.html"}], "solutions": [{"lang": "en", "value": "Update Routes firmware to last version:\nASUS GT-AXE11000 v3.0.0.4.386.45898\nASUS RT-AX3000 v3.0.0.4.386.45898\nASUS RT-AX55 v3.0.0.4.386.45898\nASUS RT-AX58U v3.0.0.4.386.45898\nASUS TUF-AX3000 v3.0.0.4.386.45898"}], "source": {"advisory": "TVN-202109034", "discovery": "EXTERNAL"}, "title": "ASUS GT-AXE11000, RT-AX3000, RT-AX55, RT-AX58U, TUF-AX3000 - Improper Authentication", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2021-11-12T07:06:00.000Z", "ID": "CVE-2021-37910", "STATE": "PUBLIC", "TITLE": "ASUS GT-AXE11000, RT-AX3000, RT-AX55, RT-AX58U, TUF-AX3000 - Improper Authentication"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GT-AXE11000", "version": {"version_data": [{"version_affected": "<", "version_value": "3.0.0.4.386.45898"}]}}, {"product_name": "RT-AX3000", "version": {"version_data": [{"version_affected": "<", "version_value": "3.0.0.4.386.45898"}]}}, {"product_name": "RT-AX55", "version": {"version_data": [{"version_affected": "<", "version_value": "3.0.0.4.386.45898"}]}}, {"product_name": "RT-AX58U", "version": {"version_data": [{"version_affected": "<", "version_value": "3.0.0.4.386.45898"}]}}, {"product_name": "TUF-AX3000", "version": {"version_data": [{"version_affected": "<", "version_value": "3.0.0.4.386.45898"}]}}]}, "vendor_name": "ASUS"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-799 Improper Control of Interaction Frequency"}]}]}, "references": {"reference_data": [{"name": "https://www.twcert.org.tw/tw/cp-132-5259-22a26-1.html", "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-5259-22a26-1.html"}]}, "solution": [{"lang": "en", "value": "Update Routes firmware to last version:\nASUS GT-AXE11000 v3.0.0.4.386.45898\nASUS RT-AX3000 v3.0.0.4.386.45898\nASUS RT-AX55 v3.0.0.4.386.45898\nASUS RT-AX58U v3.0.0.4.386.45898\nASUS TUF-AX3000 v3.0.0.4.386.45898"}], "source": {"advisory": "TVN-202109034", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:30:09.144Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.twcert.org.tw/tw/cp-132-5259-22a26-1.html"}]}]}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2021-37910", "datePublished": "2021-11-12T01:40:13.569980Z", "dateReserved": "2021-08-02T00:00:00", "dateUpdated": "2024-09-16T19:05:28.405Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:gt-axe11000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6831981E-FCDC-4F91-AA49-38C764C4F49E", "versionEndExcluding": "3.0.0.4.386.45898", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:gt-axe11000:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C08C95C-E4AC-41B3-B8F6-F99BA8319F12", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax3000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "604BBFB4-FF96-46F9-B407-C3D9CBE73BE8", "versionEndExcluding": "3.0.0.4.386.45898", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1515AF83-732F-489B-A25C-5D67A03A3B25", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax55_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0BBE7AA-081C-48A7-AAC1-481538AEFECA", "versionEndExcluding": "3.0.0.4.386.45898", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax55:-:*:*:*:*:*:*:*", "matchCriteriaId": "B8F27D4F-EDC4-4676-8C66-545378850BF1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax58u_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD025F49-2590-4E99-9D63-9A5A28BF4B1F", "versionEndExcluding": "3.0.0.4.386.45898", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax58u:-:*:*:*:*:*:*:*", "matchCriteriaId": "855509B2-CE29-4A04-B412-C160139EA392", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:tuf-ax3000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A27F57A-8A07-4BD0-BD6E-8384693532A3", "versionEndExcluding": "3.0.0.4.386.45898", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:tuf-ax3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2691AD6-CA0D-41AB-AEDB-2DFED44678CB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames."}, {"lang": "es", "value": "El protocolo de acceso protegido Wi-Fi de los routers ASUS (WPA2 y WPA3-SAE), presenta un control inapropiado de la vulnerabilidad de la frecuencia de interacci\u00f3n, un atacante no autenticado puede desconectar remotamente las conexiones de otros usuarios enviando tramas de autenticaci\u00f3n SAE especialmente dise\u00f1adas"}], "id": "CVE-2021-37910", "lastModified": "2024-11-21T06:16:02.093", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "twcert@cert.org.tw", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-11-12T02:15:06.640", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-5259-22a26-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-5259-22a26-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-799"}], "source": "twcert@cert.org.tw", "type": "Secondary"}]}

{}

{}