9 matches found
EUVD-2014-0391
Malware in sbrugna...
CVE-2014-0356
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2) setlanguage, (3) SystemCommand, or (4) NTPSyncWithHost function in management.c, or a (5) SET COUNTRY, (6) SET WLAN SSID, ...
Command injection
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2) setlanguage, (3) SystemCommand, or (4) NTPSyncWithHost function in management.c, or a (5) SET COUNTRY, (6) SET WLAN SSID, ...
Hardcoded credentials
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 has a hardcoded password of qweasdzxc for an unspecified account, which allows remote attackers to obtain index.asp login access via an HTTP request...
CVE-2014-0353
The ZyXEL Wireless N300 NetUSB NBG-419N router (firmware 1.00(BFQ.6)C0) is affected by CVE-2014-0353: remote attackers can bypass authentication by escaping the "/" path separator with %2F in URLs, allowing access to subdirectory content. Root cause: improper handling of URL encoding for slashes ...
CVE-2014-0355
CVE-2014-0355 affects ZyXEL Wireless N300 NetUSB Router NBG-419N (firmware 1.00(BFQ.6)C0). The checkWeather function parses forecastrss and is vulnerable to a stack-based buffer overflow; WeatherCity/WeatherDegree variables in detectWeather are vulnerable to overflow; UpnpAddRunRLQoS, UpnpDeleteR...
CVE-2014-0356
The CVE-2014-0356 issue affects ZyXEL Wireless N300 NetUSB NBG-419N routers (firmware 1.00(BFQ.6)C0). The vulnerability arises from command injection via shell metacharacters in input to management.c functions (detectWeather, set_language, SystemCommand, NTPSyncWithHost) and via udps commands (SE...
CVE-2014-0355
Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allow man-in-the-middle attackers to execute arbitrary code via (1) a long temp attribute in a yweather:condition element in a forecastrss file that is processed by the checkWeather...
PT-2025-31530 · D Link · Dir-605L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-605L versions 1.12 through 1.13. Description: A stack-based buffer overflow exists in the getAuthCode function when processing CAPTCHA data. Exploitation may allow a remote attacker to execute arbitrary code with root privileges. Th...