ID

VAR-201404-0470


CVE

CVE-2014-0354


TITLE

ZyXEL Wireless N300 NetUSB Router NBG-419N devices contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#939260

DESCRIPTION

The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 has a hardcoded password of qweasdzxc for an unspecified account, which allows remote attackers to obtain index.asp login access via an HTTP request. The ZyXEL Wireless N300 NetUSB Router NBG-419N running firmware version 1.00(BFQ.6)C0, and possibly earlier versions, is susceptible to multiple vulnerabilities. Other device models that use similar firmware may also be vulnerable. The ZyXEL NBG-419N is a wireless router product. ZyXEL NBG-419N (firmware version 1.00(BFQ.6)C0) contains a direct request vulnerability, a hard-coded password vulnerability, a stack buffer overflow vulnerability, and an OS command injection vulnerability caused by improper neutralization of special characters. An attacker could exploit these vulnerabilities to bypass security restrictions, execute arbitrary commands on affected devices, and so on. This may aid in further attacks.

Trust: 3.24

sources: NVD: CVE-2014-0354 // CERT/CC: VU#939260 // JVNDB: JVNDB-2014-002025 // CNVD: CNVD-2014-02557 // BID: 66794 // VULHUB: VHN-67847

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-02557

AFFECTED PRODUCTS

vendor: zyxel, model: n300 netusb nbg-419n, scope: eq, version: 1.00\(bfq_6\)c0

Trust: 1.6

vendor: zyxel, model: n300 netusb nbg-419n, scope: eq, version: -

Trust: 1.0

vendor: zyxel, model: -, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: wireless n300 netusb router nbg-419n, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: wireless n300 netusb router nbg-419n, scope: eq, version: 1.00(bfq.6)c0

Trust: 0.8

vendor: zyxel, model: n300 netusb router nbg-419n 1.00 c0, scope: -, version: -

Trust: 0.6

sources: CERT/CC: VU#939260 // CNVD: CNVD-2014-02557 // JVNDB: JVNDB-2014-002025 // CNNVD: CNNVD-201404-205 // NVD: CVE-2014-0354

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0354
value: HIGH

Trust: 1.0

NVD: CVE-2014-0354
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-02557
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201404-205
value: HIGH

Trust: 0.6

VULHUB: VHN-67847
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-0354
severity: HIGH
baseScore: 7.8
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-02557
severity: HIGH
baseScore: 7.8
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-67847
severity: HIGH
baseScore: 7.8
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-02557 // VULHUB: VHN-67847 // JVNDB: JVNDB-2014-002025 // CNNVD: CNNVD-201404-205 // NVD: CVE-2014-0354

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-67847 // JVNDB: JVNDB-2014-002025 // NVD: CVE-2014-0354

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201404-205

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201404-205

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002025

PATCH

title: NBG-419N v2, url: http://www.zyxel.com/us/en/products_services/nbg_419n_v2.shtml?t=p

Trust: 0.8

title: ZyXEL NBG-419N router has multiple vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/45081

Trust: 0.6

sources: CNVD: CNVD-2014-02557 // JVNDB: JVNDB-2014-002025

EXTERNAL IDS

db: CERT/CC, id: VU#939260

Trust: 3.6

db: NVD, id: CVE-2014-0354

Trust: 3.4

db: BID, id: 66794

Trust: 0.9

db: JVN, id: JVNVU94935747

Trust: 0.8

db: JVNDB, id: JVNDB-2014-002025

Trust: 0.8

db: CNNVD, id: CNNVD-201404-205

Trust: 0.7

db: CNVD, id: CNVD-2014-02557

Trust: 0.6

db: NSFOCUS, id: 26504

Trust: 0.6

db: VULHUB, id: VHN-67847

Trust: 0.1

sources: CERT/CC: VU#939260 // CNVD: CNVD-2014-02557 // VULHUB: VHN-67847 // BID: 66794 // JVNDB: JVNDB-2014-002025 // CNNVD: CNNVD-201404-205 // NVD: CVE-2014-0354

REFERENCES

url:http://www.kb.cert.org/vuls/id/939260

Trust: 2.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0354

Trust: 1.4

url:http://www.zyxel.com/

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/425.html

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/259.html

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/121.html

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0354

Trust: 0.8

url:http://jvn.jp/vu/jvnvu94935747/

Trust: 0.8

url:http://www.nsfocus.net/vulndb/26504

Trust: 0.6

url:http://www.zyxel.com/products_services/nbg_419n_v2.shtml?t=p

Trust: 0.3

sources: CERT/CC: VU#939260 // CNVD: CNVD-2014-02557 // VULHUB: VHN-67847 // BID: 66794 // JVNDB: JVNDB-2014-002025 // CNNVD: CNNVD-201404-205 // NVD: CVE-2014-0354

CREDITS

Anonymous

Trust: 0.3

sources: BID: 66794

SOURCES

db: CERT/CC, id: VU#939260
db: CNVD, id: CNVD-2014-02557
db: VULHUB, id: VHN-67847
db: BID, id: 66794
db: JVNDB, id: JVNDB-2014-002025
db: CNNVD, id: CNNVD-201404-205
db: NVD, id: CVE-2014-0354

LAST UPDATE DATE

2025-04-13T23:18:23.782000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#939260, date: 2014-04-16T00:00:00
db: CNVD, id: CNVD-2014-02557, date: 2014-04-28T00:00:00
db: VULHUB, id: VHN-67847, date: 2014-04-15T00:00:00
db: BID, id: 66794, date: 2014-04-11T00:00:00
db: JVNDB, id: JVNDB-2014-002025, date: 2014-04-17T00:00:00
db: CNNVD, id: CNNVD-201404-205, date: 2014-04-16T00:00:00
db: NVD, id: CVE-2014-0354, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CERT/CC, id: VU#939260, date: 2014-04-11T00:00:00
db: CNVD, id: CNVD-2014-02557, date: 2014-04-21T00:00:00
db: VULHUB, id: VHN-67847, date: 2014-04-15T00:00:00
db: BID, id: 66794, date: 2014-04-11T00:00:00
db: JVNDB, id: JVNDB-2014-002025, date: 2014-04-17T00:00:00
db: CNNVD, id: CNNVD-201404-205, date: 2014-04-16T00:00:00
db: NVD, id: CVE-2014-0354, date: 2014-04-15T10:55:11.993