PT-2021-19466 · Asus · Asus Dsl-N14U-B1

Kaisersource · Published 2021-01-18 · Updated 2021-01-27 · CVE-2021-3166

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

ASUS DSL-N14U-B1 version 1.1.2.3 805

Description

An issue allows an attacker to upload arbitrary file content as a firmware update when the filename Settings DSL-N14U-B1.trx is used. Once this file is loaded, shutdown measures on a wide range of services are triggered, resulting in a persistent outage of those services.

Recommendations

For version 1.1.2.3 805, avoid using the filename Settings DSL-N14U-B1.trx for firmware updates until a patch is available. As a temporary workaround, consider restricting access to the firmware update feature to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2021-3166

Affected Products

Asus Dsl-N14U-B1