CVE-2021-37910

LOW

ASUS GT-AXE11000, RT-AX3000, RT-AX55, RT-AX58U, TUF-AX3000 < 3.0.0.4.386.45898 DoS via SAE Frames

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-37910. PoCs published by efchatz.

AI-analyzed exploit summary The repository contains a collection of exploit scripts for various CVEs, including CVE-2022-41540. The exploits are primarily HTTP-based attacks targeting vulnerabilities in ASUS, D-Link, Netgear, and TP-Link devices.

Description

ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames.

Exploits (1)

nomisec WORKING POC 17 stars
by efchatz · poc
https://github.com/efchatz/easy-exploits

The repository contains a collection of exploit scripts for various CVEs, including CVE-2022-41540. The exploits are primarily HTTP-based attacks targeting vulnerabilities in ASUS, D-Link, Netgear, and TP-Link devices.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: ASUS RT-AX88U (and other affected devices)
No auth needed
Prerequisites: Network access to the target device · Curl or similar HTTP client
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-5259-22a26-1.html

Scores

CVSS v3 3.7
EPSS 0.0238
EPSS Percentile 81.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

CWE
CWE-799
Status published
Products (5)
asus/gt-axe11000_firmware < 3.0.0.4.386.45898
asus/rt-ax3000_firmware < 3.0.0.4.386.45898
asus/rt-ax55_firmware < 3.0.0.4.386.45898
asus/rt-ax58u_firmware < 3.0.0.4.386.45898
asus/tuf-ax3000_firmware < 3.0.0.4.386.45898
Published Nov 12, 2021
Tracked Since Feb 18, 2026