CVE-2021-3166:ASUS DSL-N14U-B1 1.1.2.3_805 devices are vulnerable to arbitrary file upload as firmware updates, allowing attackers to cause persistent service outages.


Description Preview

A vulnerability was discovered in ASUS DSL-N14U-B1 1.1.2.3_805 devices where attackers can upload arbitrary file content by disguising it as a firmware update. By using the specific filename "Settings_DSL-N14U-B1.trx", attackers can bypass validation checks and cause the router to process the malicious file as a legitimate firmware update. This triggers shutdown procedures for various services as part of the normal update process, but since the file is not a valid firmware, these services remain in a non-functional state, resulting in a persistent denial of service condition.

Overview

This vulnerability (CVE-2021-3166) is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). The issue affects ASUS DSL-N14U-B1 routers running firmware version 1.1.2.3_805. The vulnerability allows attackers to upload arbitrary files by exploiting insufficient validation in the firmware update mechanism. When a file with the name "Settings_DSL-N14U-B1.trx" is uploaded, the router initiates the update process regardless of the actual file content. This causes the router to shut down critical services in preparation for the update, but since the file is not a valid firmware image, these services remain disabled, effectively creating a persistent denial of service condition that requires manual intervention to resolve.
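The root cause above is that the updater trusts the filename rather than the content. As an added example, not taken from the advisory or from ASUS firmware, the Python below gates an upload on content checks of the Broadcom TRX container that the ".trx" extension refers to (magic, declared length, CRC-32, partition offsets); the header layout and the CRC convention (stored without the final XOR) are assumed here from the common TRX format, and the sample images are constructed in the block.

```python
import struct
import zlib

# Assumed Broadcom TRX header (little-endian, 28 bytes):
#   magic "HDR0", total image length, CRC-32, flag/version, three partition offsets
TRX_MAGIC = b"HDR0"
TRX_HEADER = struct.Struct("<4sIIIIII")
EXPECTED_NAME = "Settings_DSL-N14U-B1.trx"  # filename from the advisory

def trx_crc32(image: bytes) -> int:
    """TRX covers everything after the crc field and stores the CRC-32
    without the final XOR, i.e. the complement of zlib's standard CRC-32."""
    return zlib.crc32(image[12:]) ^ 0xFFFFFFFF

def validate_trx(image: bytes) -> tuple[bool, str]:
    """Content checks an updater should pass before stopping any service.
    Returns (ok, reason) so the caller can log why an upload was refused."""
    if len(image) < TRX_HEADER.size:
        return False, "too short for a TRX header"
    magic, length, crc, _flags, *offsets = TRX_HEADER.unpack_from(image)
    if magic != TRX_MAGIC:
        return False, "bad magic"
    if length != len(image):
        return False, f"declared length {length} != actual {len(image)}"
    if crc != trx_crc32(image):
        return False, "CRC-32 mismatch"
    if any(off and not (TRX_HEADER.size <= off < length) for off in offsets):
        return False, "partition offset outside image"
    return True, "ok"

def build_trx(payload: bytes) -> bytes:
    """Constructed sample: wrap a payload in a minimal, valid TRX header."""
    length = TRX_HEADER.size + len(payload)
    image = TRX_HEADER.pack(TRX_MAGIC, length, 0, 1, TRX_HEADER.size, 0, 0) + payload
    return image[:8] + struct.pack("<I", trx_crc32(image)) + image[12:]

def accept_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Hardened gate: the expected filename is necessary but not sufficient;
    the image must also validate before the update path is entered."""
    if filename != EXPECTED_NAME:
        return False, "unexpected filename"
    return validate_trx(data)
```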

Remediation

  1. Update to the latest firmware version provided by ASUS if a patch is available.
  2. Implement network segmentation to restrict access to the router's management interface.
  3. Use strong, unique credentials for router administration.
  4. Monitor router logs for unusual activity or unauthorized access attempts.
  5. If affected by this attack, a hard reset of the router to factory defaults may be required to restore functionality.
  6. Consider implementing a firewall or other security measures to prevent unauthorized access to the router's administration interface.
  7. Regularly check for firmware updates from ASUS that address this vulnerability.

References

  1. Original vulnerability disclosure: https://kaisersource.github.io/dsl-n14u
  2. Detailed technical analysis: https://github.com/kaisersource/kaisersource.github.io/blob/main/_posts/2021-01-17-dsl-n14u.md
  3. CWE-434: Unrestricted Upload of File with Dangerous Type: https://cwe.mitre.org/data/definitions/434.html
  4. MITRE CVE Entry: CVE-2021-3166
