ID

VAR-201404-0469


CVE

CVE-2014-0353


TITLE

ZyXEL Wireless N300 NetUSB Router NBG-419N devices contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#939260

DESCRIPTION

The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to bypass authentication by using %2F sequences in place of / (slash) characters. ZyXEL Wireless N300 NetUSB Router NBG-419N running firmware version 1.00(BFQ.6)C0, and possibly earlier versions, is susceptible to multiple vulnerabilities. Other device models that use similar firmware may also be vulnerable. ZyXEL Wireless N300 NetUSB NBG-419N is a wireless broadband router product of ZyXEL Technology Company. The router has a security bypass vulnerability: by escaping the "/" character in the URL, the script can be accessed directly. An attacker can exploit these issues to bypass certain security restrictions and execute arbitrary code or commands in the context of the affected device. This may aid in further attacks. A remote attacker could exploit this vulnerability to bypass authentication by using the '%2F' sequence instead of '/'.

Trust: 3.24

sources: NVD: CVE-2014-0353 // CERT/CC: VU#939260 // JVNDB: JVNDB-2014-002024 // CNVD: CNVD-2014-02373 // BID: 66794 // VULHUB: VHN-67846

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-02373

AFFECTED PRODUCTS

vendor: zyxel, model: n300 netusb nbg-419n, scope: eq, version: 1.00\(bfq_6\)c0

Trust: 1.6

vendor: zyxel, model: n300 netusb nbg-419n, scope: eq, version: -

Trust: 1.0

vendor: zyxel, model: -, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: wireless n300 netusb router nbg-419n, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: wireless n300 netusb router nbg-419n, scope: eq, version: 1.00(bfq.6)c0

Trust: 0.8

vendor: zyxel, model: n300 netusb router nbg-419n 1.00 c0, scope: -, version: -

Trust: 0.6

sources: CERT/CC: VU#939260 // CNVD: CNVD-2014-02373 // JVNDB: JVNDB-2014-002024 // CNNVD: CNNVD-201404-204 // NVD: CVE-2014-0353

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0353
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0353
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-02373
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201404-204
value: MEDIUM

Trust: 0.6

VULHUB: VHN-67846
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0353
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:C/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-02373
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:C/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-67846
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:C/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-02373 // VULHUB: VHN-67846 // JVNDB: JVNDB-2014-002024 // CNNVD: CNNVD-201404-204 // NVD: CVE-2014-0353

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-67846 // JVNDB: JVNDB-2014-002024 // NVD: CVE-2014-0353

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201404-204

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201404-204

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002024

PATCH

title: NBG-419N v2, url: http://www.zyxel.com/us/en/products_services/nbg_419n_v2.shtml?t=p

Trust: 0.8

sources: JVNDB: JVNDB-2014-002024

EXTERNAL IDS

db: CERT/CC, id: VU#939260

Trust: 4.2

db: NVD, id: CVE-2014-0353

Trust: 3.4

db: BID, id: 66794

Trust: 0.9

db: JVN, id: JVNVU94935747

Trust: 0.8

db: JVNDB, id: JVNDB-2014-002024

Trust: 0.8

db: CNNVD, id: CNNVD-201404-204

Trust: 0.7

db: CNVD, id: CNVD-2014-02373

Trust: 0.6

db: NSFOCUS, id: 26504

Trust: 0.6

db: VULHUB, id: VHN-67846

Trust: 0.1

sources: CERT/CC: VU#939260 // CNVD: CNVD-2014-02373 // VULHUB: VHN-67846 // BID: 66794 // JVNDB: JVNDB-2014-002024 // CNNVD: CNNVD-201404-204 // NVD: CVE-2014-0353

REFERENCES

url:http://www.kb.cert.org/vuls/id/939260

Trust: 3.4

url:http://www.zyxel.com/

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/425.html

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/259.html

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/121.html

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0353

Trust: 0.8

url:http://jvn.jp/vu/jvnvu94935747/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0353

Trust: 0.8

url:http://www.nsfocus.net/vulndb/26504

Trust: 0.6

url:http://www.zyxel.com/products_services/nbg_419n_v2.shtml?t=p

Trust: 0.3

sources: CERT/CC: VU#939260 // CNVD: CNVD-2014-02373 // VULHUB: VHN-67846 // BID: 66794 // JVNDB: JVNDB-2014-002024 // CNNVD: CNNVD-201404-204 // NVD: CVE-2014-0353

CREDITS

Anonymous

Trust: 0.3

sources: BID: 66794

SOURCES

db: CERT/CC, id: VU#939260
db: CNVD, id: CNVD-2014-02373
db: VULHUB, id: VHN-67846
db: BID, id: 66794
db: JVNDB, id: JVNDB-2014-002024
db: CNNVD, id: CNNVD-201404-204
db: NVD, id: CVE-2014-0353

LAST UPDATE DATE

2025-04-13T23:18:23.822000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#939260, date: 2014-04-16T00:00:00
db: CNVD, id: CNVD-2014-02373, date: 2014-04-18T00:00:00
db: VULHUB, id: VHN-67846, date: 2014-04-15T00:00:00
db: BID, id: 66794, date: 2014-04-11T00:00:00
db: JVNDB, id: JVNDB-2014-002024, date: 2014-04-17T00:00:00
db: CNNVD, id: CNNVD-201404-204, date: 2014-04-16T00:00:00
db: NVD, id: CVE-2014-0353, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CERT/CC, id: VU#939260, date: 2014-04-11T00:00:00
db: CNVD, id: CNVD-2014-02373, date: 2014-04-17T00:00:00
db: VULHUB, id: VHN-67846, date: 2014-04-15T00:00:00
db: BID, id: 66794, date: 2014-04-11T00:00:00
db: JVNDB, id: JVNDB-2014-002024, date: 2014-04-17T00:00:00
db: CNNVD, id: CNNVD-201404-204, date: 2014-04-16T00:00:00
db: NVD, id: CVE-2014-0353, date: 2014-04-15T10:55:11.963