kaisersource/CVE-2021-3166: CVE-2021-3166

Abstract

An issue was discovered on Asus DSL-N14U_B1 v.1.1.2.3_805. An attacker can upload any file to the Firmware box as long as it is renamed as Settings_ProductName.trx (eg. Settings_DSL-N14U-B1.trx). Once the file is loaded, shutdown measures on a wide range of services are triggered as if it were a real update, resulting in DoS condition