CVE-2021-3166

Published: Jan 18, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An attacker can upload arbitrary file content as a firmware update when the filename Settings_DSL-N14U-B1.trx is used. Once this file is loaded, shutdown measures on a wide range of services are triggered as if it were a real update, resulting in a persistent outage of those services.

Affected (1)

Products: Asus: Dsl N14u B1 Firmware

1 product

Dsl N14u B1 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Dsl N14u B1 Firmware	Version 1.1.2.3_805

Running on/with	Platform Versions
Asus Dsl N14u B1	All versions

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://github.com/kaisersource/kaisersource.github.io/blob/main/_posts/2021-01-17-dsl-n14u.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://kaisersource.github.io/dsl-n14u

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/kaisersource/kaisersource.github.io/blob/main/_posts/2021-01-17-dsl-n14u.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://kaisersource.github.io/dsl-n14u

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.