CVE-2021-3166

HIGH

ASUS DSL-N14U-B1 1.1.2.3_805 - Unrestricted Firmware Upload via Settings_DSL-N14U-B1.trx

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-3166. PoCs published by kaisersource.

AI-analyzed exploit summary The repository describes a vulnerability in Asus DSL-N14U_B1 v.1.1.2.3_805 where an attacker can upload a malicious file disguised as a firmware update (Settings_ProductName.trx) to trigger a DoS condition by shutting down services. The README provides a technical overview of the exploit mechanism but lacks functional exploit code.

Description

An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An attacker can upload arbitrary file content as a firmware update when the filename Settings_DSL-N14U-B1.trx is used. Once this file is loaded, shutdown measures on a wide range of services are triggered as if it were a real update, resulting in a persistent outage of those services.

Exploits (1)

nomisec WRITEUP
by kaisersource · poc
https://github.com/kaisersource/CVE-2021-3166

The repository describes a vulnerability in Asus DSL-N14U_B1 v.1.1.2.3_805 where an attacker can upload a malicious file disguised as a firmware update (Settings_ProductName.trx) to trigger a DoS condition by shutting down services. The README provides a technical overview of the exploit mechanism but lacks functional exploit code.

Classification
Writeup 80%
Attack Type
Dos
Complexity
Trivial
Reliability
Theoretical
Target: Asus DSL-N14U_B1 v.1.1.2.3_805
No auth needed
Prerequisites: Access to the firmware upload functionality
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://kaisersource.github.io/dsl-n14u

Scores

CVSS v3 7.5
EPSS 0.0288
EPSS Percentile 85.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-434
Status published
Products (1)
asus/dsl-n14u_b1_firmware 1.1.2.3_805
Published Jan 18, 2021
Tracked Since Feb 18, 2026