Published: 2025/02/17 Last Updated: 2025/02/17
JVNVU#97639704
ASUSTeK COMPUTER Lyra mini vulnerable to improper authentication
Overview
Lyra mini provided by ASUSTeK COMPUTER INC. contains an improper authentication vulnerability.
Products Affected
- Lyra Mini all versions
Description
Lyra mini provided by ASUSTeK COMPUTER INC. contains an improper authentication vulnerability (CWE-287, CVE-2021-32030).
Impact
An attacker may gain unauthorized access to the administrative interface.
Solution
Apply the Workaround
The developer states that support for the affected product has ended, and therefore there is no plan to provide a firmware update.
The developer recommends that users disable the remote access features from WAN.
For more information, refer to the information provided by the developer.
Vendor Status
Vendor | Link |
---|---|
ASUSTeK COMPUTER INC. | Lyra mini - Support |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score: 9.8
Attack Vector (AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
---|---|---|---|---|
Attack Complexity (AC) | High (H) | Low (L) | | |
Privileges Required (PR) | High (H) | Low (L) | None (N) | |
User Interaction (UI) | Required (R) | None (N) | | |
Scope (S) | Unchanged (U) | Changed (C) | | |
Confidentiality Impact (C) | None (N) | Low (L) | High (H) | |
Integrity Impact (I) | None (N) | Low (L) | High (H) | |
Availability Impact (A) | None (N) | Low (L) | High (H) | |
Credit
Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.