Critical Alert 2 Active Exploits Detected Today

CVE-2026-56291 Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability →
CVE-2026-48939 iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability →
Powered by CVE Watchtower
×

CVE Watchtower


← Back to CVE List

CVE-2021-32030NVD

Vulnerability Summary

The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_request in router/httpd/httpd.c and auth_check in web_hook.o. An attacker-supplied value of '\0' matches the device's default value of '\0' in some situations. Note: All versions of Lyra Mini and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability, Consumers can mitigate this vulnerability by disabling the remote access features from WAN.
Severity Level
UNKNOWN
Published Date
May 6, 2021
Last Modified
Oct 21, 2025
Exploitation Status
ACTIVE
EPSS Score (30-Day)
Data Pending
Root Weakness (CWE)
N/A