Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-41437

An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker.

Published

2022-09-26T14:15:09.627

Last Modified

2025-05-21T19:15:55.587

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-74
Type: Secondary
CWE-74

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	asus	rt-ax88u_firmware	< 3.0.0.4.388.20558	Yes
Hardware	asus	rt-ax88u	-	No

References

https://github.com/efchatz/easy-exploits/tree/main/Web/ASUS/CVE-2021-41437 Patch, Third Party Advisory ([email protected])
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-Gaming-Routers/RT-AX88U/HelpDesk_BIOS/ Patch, Product, Vendor Advisory ([email protected])
https://github.com/efchatz/easy-exploits/tree/main/Web/ASUS/CVE-2021-41437 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-Gaming-Routers/RT-AX88U/HelpDesk_BIOS/ Patch, Product, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)