CVE-2021-37910

ASUS GT-AXE11000, RT-AX3000, RT-AX55, RT-AX58U, TUF-AX3000 - Improper Authentication

CVSS 3.7 LOW | EPSS 2.4% | CWE-799
In short

ASUS routers with WPA2/WPA3 security have a weakness that lets attackers disconnect other users from Wi-Fi by sending specially crafted network messages, without needing to know the Wi-Fi password.

Technical detail

The vulnerability exists in the SAE (Simultaneous Authentication of Equals) authentication frame handling, where insufficient rate limiting on authentication attempts allows unauthenticated attackers to remotely trigger denial-of-service conditions by flooding the access point with malformed authentication frames, resulting in disconnection of legitimate clients.

Summary generated and translated by AI from the official description.
ASUS routers' Wi-Fi Protected Access protocol (WPA2 and WPA3-SAE) has an improper control of interaction frequency vulnerability; an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
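
Detection logic for the condition described above, as an added example that is not from ASUS or the original page: a sliding-window counter that flags bursts of SAE authentication frames per source MAC and per BSSID. The frame tuples, window and thresholds are constructed assumptions; 3 is the IEEE 802.11 authentication algorithm number for SAE.

```python
from collections import defaultdict, deque

SAE_AUTH_ALG = 3  # IEEE 802.11 Authentication Algorithm Number for SAE

def detect_sae_floods(frames, window=1.0, per_source_max=5, per_bssid_max=20):
    """Return alerts (time, scope, key, count) for SAE auth frame bursts.

    frames: time-ordered iterable of (timestamp_s, src_mac, bssid, auth_alg).
    Thresholds are illustrative assumptions, not vendor values.
    """
    recent = defaultdict(deque)   # (scope, key) -> timestamps inside the window
    alerting = set()              # keys currently over threshold (no repeat alerts)
    alerts = []
    for ts, src, bssid, alg in frames:
        if alg != SAE_AUTH_ALG:
            continue
        # Source MACs can be spoofed, so also count everything aimed at the BSSID.
        for scope, key, limit in (("source", src, per_source_max),
                                  ("bssid", bssid, per_bssid_max)):
            q = recent[(scope, key)]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()
            if len(q) > limit:
                if (scope, key) not in alerting:
                    alerting.add((scope, key))
                    alerts.append((ts, scope, key, len(q)))
            else:
                alerting.discard((scope, key))
    return alerts

def sample_frames():
    """Constructed capture: normal joins, then two bursts against one BSSID."""
    ap = "02:00:00:00:00:01"
    frames = [(0.0, "02:00:00:00:00:10", ap, 3), (0.1, "02:00:00:00:00:10", ap, 3),
              (0.5, "02:00:00:00:00:11", ap, 0)]   # open-system auth, ignored
    # 30 SAE frames in 0.3 s, each from a different source address
    frames += [(2.0 + i * 0.01, f"02:00:00:00:01:{i:02x}", ap, 3) for i in range(30)]
    # 8 SAE frames in 0.08 s from a single source
    frames += [(10.0 + i * 0.01, "02:00:00:00:00:99", ap, 3) for i in range(8)]
    return frames

if __name__ == "__main__":
    for alert in detect_sae_floods(sample_frames()):
        print(alert)
```

The per-BSSID counter catches the first burst even though no single source exceeds its own limit; the per-source counter catches the second.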
