CVE-2014-0355

2014-04-1510:55:12

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-0355

buffer overflow

zyxel

wireless n300

netusb

nbg-419n

router

firmware

7.9 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.1%

JSON

Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allow man-in-the-middle attackers to execute arbitrary code via (1) a long temp attribute in a yweather:condition element in a forecastrss file that is processed by the checkWeather function; the (2) WeatherCity or (3) WeatherDegree variable to the detectWeather function; unspecified input to the (4) UpnpAddRunRLQoS, (5) UpnpDeleteRunRLQoS, or (6) UpnpDeletePortCheckType function; or (7) the SET COUNTRY udps command.

Affected configurations

NVD

Node

zyxeln300_netusb_nbg-419n_firmwareMatch1.00\(bfq_6\)c0

AND

zyxeln300_netusb_nbg-419nMatch-

CPENameOperatorVersion
zyxel:n300_netusb_nbg-419n_firmwarezyxel n300 netusb nbg-419n firmwareeq1.00\(bfq_6\)c0
zyxel:n300_netusb_nbg-419nzyxel n300 netusb nbg-419neq-