CVE-2021-37910

{"id": "CVE-2021-37910", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.2}]}, "published": "2021-11-12T02:15:06.640", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-5259-22a26-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-799"}]}], "descriptions": [{"lang": "en", "value": "ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames."}, {"lang": "es", "value": "El protocolo de acceso protegido Wi-Fi de los routers ASUS (WPA2 y WPA3-SAE), presenta un control inapropiado de la vulnerabilidad de la frecuencia de interacci\u00f3n, un atacante no autenticado puede desconectar remotamente las conexiones de otros usuarios enviando tramas de autenticaci\u00f3n SAE especialmente dise\u00f1adas"}], "lastModified": "2021-11-17T16:20:51.950", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:gt-axe11000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6831981E-FCDC-4F91-AA49-38C764C4F49E", "versionEndExcluding": "3.0.0.4.386.45898"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:gt-axe11000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7C08C95C-E4AC-41B3-B8F6-F99BA8319F12"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax3000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "604BBFB4-FF96-46F9-B407-C3D9CBE73BE8", "versionEndExcluding": "3.0.0.4.386.45898"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1515AF83-732F-489B-A25C-5D67A03A3B25"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax55_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0BBE7AA-081C-48A7-AAC1-481538AEFECA", "versionEndExcluding": "3.0.0.4.386.45898"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax55:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B8F27D4F-EDC4-4676-8C66-545378850BF1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax58u_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD025F49-2590-4E99-9D63-9A5A28BF4B1F", "versionEndExcluding": "3.0.0.4.386.45898"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax58u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "855509B2-CE29-4A04-B412-C160139EA392"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:tuf-ax3000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A27F57A-8A07-4BD0-BD6E-8384693532A3", "versionEndExcluding": "3.0.0.4.386.45898"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:tuf-ax3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B2691AD6-CA0D-41AB-AEDB-2DFED44678CB"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "twcert@cert.org.tw"}