CVE-2014-0355

CWE-119 — Buffer Overflow3 documents3 sources

Severity

7.9HIGH

EPSS

0.2%

top 61.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel N300 Netusb Nbg-419n Firmware

Timeline

PublishedApr 15

Latest updateMay 17

Description

Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allow man-in-the-middle attackers to execute arbitrary code via (1) a long temp attribute in a yweather:condition element in a forecastrss file that is processed by the checkWeather function; the (2) WeatherCity or (3) WeatherDegree variable to the detectWeather function; unspecified input to the (4) UpnpAddRunRLQoS, (5) UpnpDeleteRunRLQoS, or (6) UpnpDeletePortCheckType function; …

CVSS vector

AV:A/AC:M/C:C/I:C/A:CExploitability: 5.5 | Impact: 10.0

Affected Packages1 packages

▶NVDzyxel/n300_netusb_nbg-419n_firmware1.00\(bfq_6\)c0

🔴Vulnerability Details

GHSA

GHSA-q82m-pj2g-922m: Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1↗2022-05-17

▶

CVEList

CVE-2014-0355: Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1↗2014-04-15

▶