CVE-2014-0356

2014-04-1510:55:12

CWE-78

[email protected]

web.nvd.nist.gov

CVSS2

7.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.005

Percentile

75.9%

JSON

The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2) set_language, (3) SystemCommand, or (4) NTPSyncWithHost function in management.c, or a (5) SET COUNTRY, (6) SET WLAN SSID, (7) SET WLAN CHANNEL, (8) SET WLAN STATUS, or (9) SET WLAN COUNTRY udps command.

Affected configurations

Nvd

Node

zyxeln300_netusb_nbg-419n_firmwareMatch1.00\(bfq_6\)c0

AND

zyxeln300_netusb_nbg-419nMatch-

VendorProductVersionCPE
zyxeln300_netusb_nbg-419n_firmware1.00(bfq_6)c0cpe:2.3:o:zyxel:n300_netusb_nbg-419n_firmware:1.00\(bfq_6\)c0:*:*:*:*:*:*:*
zyxeln300_netusb_nbg-419n-cpe:2.3:h:zyxel:n300_netusb_nbg-419n:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zyxel	n300_netusb_nbg-419n_firmware	1.00(bfq_6)c0	cpe:2.3:o:zyxel:n300_netusb_nbg-419n_firmware:1.00\(bfq_6\)c0:::::::*
zyxel	n300_netusb_nbg-419n	-	cpe:2.3:h:zyxel:n300_netusb_nbg-419n:-:::::::*