CVE-2021-3166: Malicious File Upload
First published: Mon Jan 18 2021(Updated: )
An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An attacker can upload arbitrary file content as a firmware update when the filename Settings_DSL-N14U-B1.trx is used. Once this file is loaded, shutdown measures on a wide range of services are triggered as if it were a real update, resulting in a persistent outage of those services.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Asus DSL-N14U B1 | =1.1.2.3_805 | |
| Asus DSL-N14U B1 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-3166?
CVE-2021-3166 is classified as a high severity vulnerability due to its potential for remote exploitation.
How do I fix CVE-2021-3166?
To mitigate CVE-2021-3166, update your ASUS DSL-N14U-B1 device firmware to the latest stable version provided by ASUS.
What type of attack does CVE-2021-3166 allow?
CVE-2021-3166 allows an attacker to upload arbitrary files to the device, potentially leading to service disruption.
Which devices are affected by CVE-2021-3166?
CVE-2021-3166 affects ASUS DSL-N14U-B1 devices running firmware version 1.1.2.3_805.
Can CVE-2021-3166 lead to unauthorized access?
Yes, CVE-2021-3166 can lead to unauthorized access and control over the affected device through malicious firmware uploads.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/asus
- canonical/asus dsl-n14u b1
- version/asus dsl-n14u b1/1.1.2.3_805
- canonical/asus dsl-n14u b1 firmware