Vulnerabilities > CVE-2021-37910 - Improper Control of Interaction Frequency vulnerability in Asus products

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

network

low complexity

asus

CWE-799

NVD

Published: 2021-11-12

Updated: 2021-11-17

Summary

ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames.

Vulnerable Configurations

Part	Description	Count
OS	Asus Asus GT Axe11000 Firmware * Asus RT Ax3000 Firmware - Asus RT Ax3000 Firmware 3.0.0.4.384_10177 Asus RT Ax55 Firmware - Asus RT Ax58U Firmware - Asus TUF Ax3000 Firmware *	6
Hardware	Asus Asus GT Axe11000 - Asus RT Ax3000 - Asus RT Ax55 - Asus RT Ax58U - Asus TUF Ax3000 -	5

Common Weakness Enumeration (CWE)

CWE-799 - Improper Control of Interaction Frequency

References

https://www.twcert.org.tw/tw/cp-132-5259-22a26-1.html