#VU104127 Improper Authentication in GT-AC2900 and Lyra Mini - CVE-2021-32030
Published: February 21, 2025 / Updated: June 2, 2025
Vulnerability identifier: #VU104127
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2021-32030
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
GT-AC2900
Lyra Mini
GT-AC2900
Lyra Mini
Software vendor:
Asus
Asus
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error when processing authentication requests. A remote attacker can bypass authentication process and gain unauthorized access to the application.
Remediation
Install updates from vendor's website.
External links
- https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0010.md
- https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-Gaming-Routers/RT-AC2900/HelpDesk_BIOS/
- https://www.asus.com/us/supportonly/lyra%20mini/helpdesk_bios/
- https://www.atredis.com/blog/2021/4/30/asus-authentication-bypass
- https://jvn.jp/en/vu/JVNVU97639704/index.html