CVE-2014-0356

CWE-78 — OS Command Injection4 documents4 sources

Severity

7.9HIGH

EPSS

0.7%

top 28.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel N300 Netusb Nbg-419n Firmware

Timeline

PublishedApr 15

Latest updateMay 17

Description

The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2) set_language, (3) SystemCommand, or (4) NTPSyncWithHost function in management.c, or a (5) SET COUNTRY, (6) SET WLAN SSID, (7) SET WLAN CHANNEL, (8) SET WLAN STATUS, or (9) SET WLAN COUNTRY udps command.

CVSS vector

AV:A/AC:M/C:C/I:C/A:CExploitability: 5.5 | Impact: 10.0

Affected Packages1 packages

▶NVDzyxel/n300_netusb_nbg-419n_firmware1.00\(bfq_6\)c0

🔴Vulnerability Details

GHSA

GHSA-3fvr-q43p-22xr: The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1↗2022-05-17

▶

CVEList

CVE-2014-0356: The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1↗2014-04-15

▶

💬Community

Bugzilla

CVE-2017-0356 ikiwiki: Authentication bypass via repeated parameters↗2017-01-12

▶