🔴 CVE-2021-32030

Authentication bypass vulnerability in ASUS router administrator interfaces allows unauthenticated remote attackers to gain full administrative access. The vulnerability affects router web management interfaces that are commonly exposed to the internet for remote administration.

Risk Level: HIGH_RISK

CVSS Score: 9.8

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 — Exploit Public-Facing Application

Deployment Risk: VERY_HIGH

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2021-05-06

Added to CISA KEV: 2025-06-02 (1488 days between CVE and KEV)

🎯 Recommendations:

πŸ” Web Intelligence (Kagi Β· 2026-06-04)

CVE-2021-32030 is an authentication bypass vulnerability affecting specific ASUS networking devices. Below is a summary of the known details:

Overview and Impact
  • Vulnerability Type: Authentication Bypass [1].
  • Impact: Successful exploitation allows an unauthenticated, remote attacker to gain unauthorized access to the device's administrator interface [1]. This effectively grants the attacker full administrative control over the router, which can lead to further compromise of the network.
Exploitation Details
  • Attack Method: The vulnerability exists in the administrator application (specifically related to `handle_request` in `router/httpd/httpd.c` and `auth_check` in `web_hook.o`) [2]. It is triggered by sending a specially crafted request containing a null byte (`\0`) value, which causes the server to incorrectly identify the request as authenticated [4] [2].
  • Requirements: The attack is performed remotely over the network and does not require user interaction [1].
  • Exploit Availability: Detection templates for this vulnerability are available in security scanning tools like Nuclei, which are used to identify vulnerable instances [3].
Threat Landscape and Exploitation
  • Active Exploitation: This vulnerability is included in the CISA Known Exploited Vulnerabilities (KEV) Catalog, confirming that it has been actively exploited in the wild [1].
  • Usage: Its use in named ransomware campaigns is not always publicly attributed, but its inclusion in the CISA KEV catalog indicates it is a significant target for threat actors seeking initial access or control over networking infrastructure.
Affected Products and Mitigation
  • Affected Versions:
    * ASUS GT-AC2900: Versions before `3.0.0.4.386.42643` [1].
    * Lyra Mini: Versions before `3.0.0.4_384_46630` [1].
  • Mitigation:
    * Patching: Users should update to the latest available firmware provided by ASUS.
    * Workaround: For devices that are end-of-life (EOL) or if patching is not immediately possible, users can mitigate the risk by disabling remote access features (specifically the web administration interface) from the WAN side [2].

Sources

  1. NVD - CVE-2021-32030

    The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication bypass when processing remote input from an un…

  2. CVE-2021-32030 - Vulnerability Details - OpenCVE

    The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_reques…

  3. nuclei-templates/http/cves/2021/CVE-2021-32030.yaml at main...

    Community curated list of templates for the nuclei engine to find security vulnerabilities. - nuclei-templates/http/cves/2021/CVE-2021-32030.yaml at main · projectdiscovery/nuclei-templates.

  4. CVE-2021-32030: ASUS GT-AC2900 Authentication Bypass

    This condition results in the server incorrectly identifying the request as being authenticated. The following example shows a normal request ...