Login Sign Up

CVE-2021-46247

7.5 HIGH

📋 TL;DR

CVE-2021-46247 is a hard-coded cryptographic key vulnerability in ASUS CMAX6000 routers that allows attackers to decrypt encrypted data. This affects all users of ASUS CMAX6000 v1.02.00 who rely on the device's encryption for data protection.

💻 Affected Systems

Products:
  • ASUS CMAX6000
Versions: v1.02.00
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the vulnerable firmware version are affected regardless of configuration.

📦 What is this software?

Cmax6000 Firmware by Asus

View all CVEs affecting Cmax6000 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers decrypt all encrypted communications and stored data, potentially exposing sensitive information, credentials, and network traffic.

🟠

Likely Case

Local network attackers or those with physical access decrypt intercepted encrypted data from the router.

🟢

If Mitigated

With network segmentation and monitoring, impact is limited to isolated network segments.

🌐 Internet-Facing: MEDIUM - While the vulnerability exists in the device, exploitation typically requires access to encrypted data, which may be intercepted from internet-facing services.
🏢 Internal Only: HIGH - Internal attackers or compromised devices on the same network can easily exploit this to decrypt router communications.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires access to encrypted data but no authentication to the device itself. The hard-coded key makes decryption trivial once encrypted data is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.02.01 or later

Vendor Advisory: https://www.asus.com/support/FAQ/1048284/

Restart Required: Yes

Instructions:

1. Log into ASUS router admin interface. 2. Navigate to Firmware Upgrade section. 3. Download latest firmware from ASUS support site. 4. Upload and install firmware update. 5. Reboot router after installation completes.

🔧 Temporary Workarounds

Disable router encryption features

all

Turn off any encryption services on the router that use the vulnerable cryptographic implementation

Use external VPN/encryption

all

Route all sensitive traffic through external VPN or encryption services not dependent on router encryption

🧯 If You Can't Patch

  • Segment network to isolate ASUS CMAX6000 from sensitive systems
  • Monitor network traffic for unusual decryption attempts or data exfiltration

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Log > General Log or Firmware Version page

Check Version:

Login to router web interface and check Firmware Version in System Settings

Verify Fix Applied:

Verify firmware version is v1.02.01 or higher after update

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed decryption attempts
  • Unusual access to encrypted data stores

Network Indicators:

  • Unexpected decryption of router management traffic
  • Traffic patterns suggesting encrypted data interception

SIEM Query:

source="router_logs" AND ("decryption" OR "crypto" OR "key") AND severity>=medium

📊 Metadata

CVE ID: CVE-2021-46247
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-798
Published: February 17, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-46247, you might also want to check these:

CVE-2025-20188 10.0

This critical vulnerability in Cisco IOS XE Wireless LAN Controllers allows unauthenticated remote a...

Same vulnerability type (CWE-798)
CVE-2026-22769 10.0

Dell RecoverPoint for Virtual Machines versions before 6.0.3.1 HF1 contain hardcoded credentials tha...

Same vulnerability type (CWE-798)
CVE-2021-0248 10.0

This vulnerability involves hard-coded credentials in Juniper Junos OS on NFX Series devices, allowi...

Same vulnerability type (CWE-798)