Vulnerability type
HTTP Response splitting (CVE-2021-41437)
Vendor
ASUS
Affected product
RT-AX88U
Attack type
Remote
Affected components
The AiCloud component of the current web app is vulnerable to an HTTP response splitting attack.
Attack vector
An attacker can craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker.
Patch
Fixed from firmware v3.0.0.4.388.20558 (https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-Gaming-Routers/RT-AX88U/HelpDesk_BIOS/)