CVE-2021-32030 Scanner
CVE-2021-32030 scanner - Authentication Bypass vulnerability in Administrator Application on ASUS GT-AC2900 Devices
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
The ASUS GT-AC2900 is a high-performance dual-band wireless router that is designed to provide a fast and reliable internet connection for homes and small offices. The administrator application on this device is used to manage and configure the settings of the router. It is a web-based interface that can be accessed from any device connected to the network. This application plays a crucial role in ensuring that the router is secure and functioning properly.
The CVE-2021-32030 vulnerability that was recently detected in the ASUS GT-AC2900 administrator application is a serious security flaw that has the potential to compromise the security of the entire network. This vulnerability allows an attacker to bypass authentication and gain unauthorized access to the administrator interface of the router. The vulnerability is present in the handle_request function in router/httpd/httpd.c and the auth_check function in web_hook.o. An attacker can exploit this vulnerability by supplying the device with a value of '\0' that matches its default value in certain situations.
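The class of flaw described above, sketched as an added example that is not ASUS firmware code or code from this page: a C-string comparison against a stored secret that is still at its default of '\0', next to a fail-closed version. The names stored_token, set_stored_token, token_matches_flawed and token_matches_hardened are hypothetical, and the assumption that the default value is an empty C string is a simplification of the description above.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stored secret for this example. Until one is provisioned it
 * stays at its default: an empty C string, i.e. first byte '\0'. */
static char stored_token[33] = "";

/* Hypothetical helper: provision a secret (truncated to the buffer size). */
void set_stored_token(const char *t)
{
    strncpy(stored_token, t, sizeof(stored_token) - 1);
    stored_token[sizeof(stored_token) - 1] = '\0';
}

/* Flawed: strcmp() stops at the first '\0', and nothing checks that a
 * secret was ever set, so any input starting with '\0' equals the default. */
int token_matches_flawed(const char *supplied)
{
    return supplied != NULL && strcmp(supplied, stored_token) == 0;
}

/* Hardened: takes the length as received on the wire, fails closed while no
 * secret is provisioned, and compares every byte without an early exit. */
int token_matches_hardened(const char *supplied, size_t supplied_len)
{
    size_t stored_len = strlen(stored_token);
    unsigned char diff = 0;

    if (supplied == NULL || stored_len == 0 || supplied_len != stored_len)
        return 0;
    for (size_t i = 0; i < stored_len; i++)
        diff |= (unsigned char)supplied[i] ^ (unsigned char)stored_token[i];
    return diff == 0;
}
```

The same review question applies to any credential check: what does the comparison return when the stored secret has never been set?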
If this vulnerability is exploited, an attacker can gain access to the administrator interface of the router. This can allow them to make unauthorized changes to the router's settings, such as modifying the network configuration, changing the WiFi password, and installing malicious firmware updates. An attacker could also use this access to eavesdrop on the network traffic and steal sensitive information, such as usernames and passwords.
In conclusion, the CVE-2021-32030 vulnerability presents a serious security risk to the ASUS GT-AC2900 router. It is important for users to take the necessary precautions to protect themselves against this vulnerability, such as installing firmware updates and changing login credentials. By using the pro features of the s4e.io platform, users can easily and quickly learn about vulnerabilities in their digital assets and take proactive steps to safeguard their networks against attacks.