// For flags

CVE-2021-41437

 

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker.

Un ataque de división de la respuesta HTTP en la aplicación web en ASUS RT-AX88U versiones anteriores a v3.0.0.4.388.20558, permite a un atacante diseñar una URL específica que si una víctima autenticada la visita, la URL dará acceso al almacenamiento en la nube del atacante.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-09-20 CVE Reserved
  • 2022-09-26 CVE Published
  • 2024-04-18 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Asus
Search vendor "Asus"
 Rt-ax88u Firmware
Search vendor "Asus" for product "Rt-ax88u Firmware"
 < 3.0.0.4.388.20558
Search vendor "Asus" for product "Rt-ax88u Firmware" and version " < 3.0.0.4.388.20558"
-
Affected
in Asus
Search vendor "Asus"
 Rt-ax88u
Search vendor "Asus" for product "Rt-ax88u"
--
Safe