CVE-2021-3128
high-risk
Published 2021-04-12
In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set.
Do I need to act?
EPSS score: 2.5% chance of exploitation in next 30 days (moderate exploit probability)
CISA KEV: Not on CISA KEV list. No confirmed active exploitation reported to CISA.
Patch status: unknown. Check vendor advisories for fix availability and mitigation guidance.
CVSS: 7.5/10 · High · NETWORK / LOW complexity
Affected Products (20)
ZenWiFi AX (XT8) Firmware
RT-AX3000 Firmware
RT-AX55 Firmware
RT-AX56U Firmware
RT-AX58U Firmware
RT-AX68U Firmware
RT-AX82U Firmware
RT-AX86U Firmware
RT-AX88U Firmware
RT-AC66U B1 Firmware
RT-AC1750 B1 Firmware
RT-AC1900 Firmware
RT-AC1900P Firmware
RT-AC1900U Firmware
RT-AC2900 Firmware
RT-AC3100 Firmware
RT-AC5300 Firmware
RT-AC58U Firmware
RT-AC65U Firmware
RT-AC68P Firmware
References (54)
Risk score: 54/100 (high-risk)
Severity: 26/34 · High
Exploitability: 6/34 · Minimal
Exposure: 22/34 · High