68 matches found
CVE-2014-0353
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00BFQ.6C0 allows remote attackers to bypass authentication by using %2F sequences in place of / slash characters...
Authentication flaw
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00BFQ.6C0 allows remote attackers to bypass authentication by using %2F sequences in place of / slash characters...
Stack overflow
Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00BFQ.6C0 allow man-in-the-middle attackers to execute arbitrary code via 1 a long temp attribute in a yweather:condition element in a forecastrss file that is processed by the checkWeather...
Command injection
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00BFQ.6C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the 1 detectWeather, 2 setlanguage, 3 SystemCommand, or 4 NTPSyncWithHost function in management.c, or a 5 SET COUNTRY, 6 SET WLAN SSID, ...
CVE-2014-0354
The CVE-2014-0354 entry concerns ZyXEL Wireless N300 NetUSB NBG-419N routers with firmware 1.00(BFQ.6)C0 that have a hardcoded password (qweasdzxc) used to login to index.asp via HTTP, enabling a remote attacker on the LAN to obtain login access. The linked NVD record confirms the issue and its i...
CVE-2014-0354
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00BFQ.6C0 has a hardcoded password of qweasdzxc for an unspecified account, which allows remote attackers to obtain index.asp login access via an HTTP request...
CVE-2014-0353
The ZyXEL Wireless N300 NetUSB NBG-419N router (firmware 1.00(BFQ.6)C0) is affected by CVE-2014-0353: remote attackers can bypass authentication by escaping the "/" path separator with %2F in URLs, allowing access to subdirectory content. Root cause: improper handling of URL encoding for slashes ...
CVE-2014-0355
CVE-2014-0355 affects ZyXEL Wireless N300 NetUSB Router NBG-419N (firmware 1.00(BFQ.6)C0). The checkWeather function parses forecastrss and is vulnerable to a stack-based buffer overflow; WeatherCity/WeatherDegree variables in detectWeather are vulnerable to overflow; UpnpAddRunRLQoS, UpnpDeleteR...