Login Sign Up

CVE-2021-3254

7.5 HIGH
Denial of Service

📋 TL;DR

This vulnerability in Asus DSL-N14U-B1 routers allows remote attackers to cause a Denial of Service (DoS) by sending TCP SYN packets, which can crash or disrupt the device's network services. It affects users of this specific router model with vulnerable firmware. The attack requires no authentication and can be performed using common network scanning tools like nmap.

💻 Affected Systems

Products:
  • Asus DSL-N14U-B1
Versions: 1.1.2.3_805
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects this specific firmware version on this router model. Default configuration is vulnerable.

📦 What is this software?

Dsl N14u B1 Firmware by Asus

View all CVEs affecting Dsl N14u B1 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router crash requiring physical power cycle, disrupting all network connectivity for connected devices.

🟠

Likely Case

Temporary network service disruption affecting internet connectivity and local network services.

🟢

If Mitigated

Minimal impact with proper network segmentation and firewall rules blocking external SYN scans.

🌐 Internet-Facing: HIGH - Router is typically internet-facing and vulnerable to remote unauthenticated attacks.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit but requires network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit uses standard nmap SYN scan: 'nmap -sS [target_ip]'. No special tools or authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

No official patch available. Check Asus support site for firmware updates. If newer firmware exists, download from Asus website and flash via router admin interface.

🔧 Temporary Workarounds

Firewall SYN Flood Protection

linux

Configure firewall to limit SYN packets per second to prevent DoS

iptables -A INPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -p tcp --syn -j DROP

Network Segmentation

all

Place router behind another firewall or in DMZ to limit direct exposure

🧯 If You Can't Patch

  • Replace router with supported model that receives security updates
  • Implement network monitoring to detect SYN flood attacks and alert on suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is 1.1.2.3_805, device is vulnerable.

Check Version:

Login to router admin interface (typically 192.168.1.1) and check Firmware Version in System Status

Verify Fix Applied:

After applying workarounds, test with nmap SYN scan: 'nmap -sS [router_ip]' should not cause service disruption.

📡 Detection & Monitoring

Log Indicators:

  • High volume of TCP SYN packets in router logs
  • Router reboot events
  • Connection resets

Network Indicators:

  • Unusual high rate of SYN packets to router IP
  • SYN packets without subsequent ACK completion

SIEM Query:

source="router_logs" AND "TCP SYN" AND count > 1000 per 60s

📊 Metadata

CVE ID: CVE-2021-3254
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Published: May 11, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON