ASUS Routers Improper Authentication Vulnerability

CVE-2021-32030

Action was due by: 6/23/2025

CISA Known Exploited Vulnerability

This vulnerability is part of CISA's Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild.

Overview

ASUS Lyra Mini and ASUS GT-AC2900 devices contain an improper authentication vulnerability that allows an attacker to gain unauthorized access to the administrative interface. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Vendor

ASUS

Product

Routers

Affected Versions

See vendor advisory

Technical Description

This vulnerability was identified in Routers by ASUS. ASUS Lyra Mini and ASUS GT-AC2900 devices contain an improper authentication vulnerability that allows an attacker to gain unauthorized access to the administrative interface. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Exploitability

Medium - Publicly disclosed

Impact

Significant security impact

Additional Notes

https://www.asus.com/us/supportonly/lyra%20mini/helpdesk_bios/ ; https://www.asus.com/us/supportonly/rog%20rapture%20gt-ac2900/helpdesk_bios/; https://nvd.nist.gov/vuln/detail/CVE-2021-32030

Required Action (CISA)

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due Date: 6/23/2025

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32030

https://nvd.nist.gov/vuln/detail/CVE-2021-32030

https://www.cisa.gov/known-exploited-vulnerabilities-catalog