Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-0356 | 1 Zyxel | 2 N300 Netusb Nbg-419n, N300 Netusb Nbg-419n Firmware | 2024-11-21 | 7.9 HIGH | N/A |
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2) set_language, (3) SystemCommand, or (4) NTPSyncWithHost function in management.c, or a (5) SET COUNTRY, (6) SET WLAN SSID, (7) SET WLAN CHANNEL, (8) SET WLAN STATUS, or (9) SET WLAN COUNTRY udps command. | |||||
CVE-2014-0355 | 1 Zyxel | 2 N300 Netusb Nbg-419n, N300 Netusb Nbg-419n Firmware | 2024-11-21 | 7.9 HIGH | N/A |
Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allow man-in-the-middle attackers to execute arbitrary code via (1) a long temp attribute in a yweather:condition element in a forecastrss file that is processed by the checkWeather function; the (2) WeatherCity or (3) WeatherDegree variable to the detectWeather function; unspecified input to the (4) UpnpAddRunRLQoS, (5) UpnpDeleteRunRLQoS, or (6) UpnpDeletePortCheckType function; or (7) the SET COUNTRY udps command. | |||||
CVE-2014-0354 | 1 Zyxel | 2 N300 Netusb Nbg-419n, N300 Netusb Nbg-419n Firmware | 2024-11-21 | 7.8 HIGH | N/A |
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 has a hardcoded password of qweasdzxc for an unspecified account, which allows remote attackers to obtain index.asp login access via an HTTP request. | |||||
CVE-2014-0353 | 1 Zyxel | 2 N300 Netusb Nbg-419n, N300 Netusb Nbg-419n Firmware | 2024-11-21 | 6.1 MEDIUM | N/A |
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to bypass authentication by using %2F sequences in place of / (slash) characters. |