ID

VAR-201404-0472


CVE

CVE-2014-0356


TITLE

ZyXEL Wireless N300 NetUSB Router NBG-419N devices contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#939260

DESCRIPTION

The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2) set_language, (3) SystemCommand, or (4) NTPSyncWithHost function in management.c, or a (5) SET COUNTRY, (6) SET WLAN SSID, (7) SET WLAN CHANNEL, (8) SET WLAN STATUS, or (9) SET WLAN COUNTRY udps command.

ZyXEL Wireless N300 NetUSB Router NBG-419N running firmware version 1.00(BFQ.6)C0, and possibly earlier versions, is susceptible to multiple vulnerabilities. Other device models that use similar firmware may also be vulnerable.

ZyXEL Wireless N300 NetUSB Router NBG-419N is a router device. The detectWeather(), set_language(), SystemCommand(), and NTPSyncWithHost() functions in the ZyXEL Wireless N300 NetUSB Router NBG-419N management.c do not properly filter their input, allowing an attacker to exploit the vulnerability to inject and execute arbitrary commands. This may aid in further attacks.

Trust: 3.24

sources: NVD: CVE-2014-0356 // CERT/CC: VU#939260 // JVNDB: JVNDB-2014-002027 // CNVD: CNVD-2014-02424 // BID: 66794 // VULHUB: VHN-67849

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-02424

AFFECTED PRODUCTS

vendor: zyxel, model: n300 netusb nbg-419n, scope: eq, version: 1.00\(bfq_6\)c0

Trust: 1.6

vendor: zyxel, model: n300 netusb nbg-419n, scope: eq, version: -

Trust: 1.0

vendor: zyxel, model: -, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: wireless n300 netusb router nbg-419n, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: wireless n300 netusb router nbg-419n, scope: eq, version: 1.00(bfq.6)c0

Trust: 0.8

vendor: zyxel, model: n300 netusb router nbg-419n 1.00 c0, scope: -, version: -

Trust: 0.6

sources: CERT/CC: VU#939260 // CNVD: CNVD-2014-02424 // JVNDB: JVNDB-2014-002027 // CNNVD: CNNVD-201404-207 // NVD: CVE-2014-0356

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0356
value: HIGH

Trust: 1.0

NVD: CVE-2014-0356
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-02424
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201404-207
value: HIGH

Trust: 0.6

VULHUB: VHN-67849
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-0356
severity: HIGH
baseScore: 7.9
vectorString: AV:A/AC:M/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-02424
severity: HIGH
baseScore: 7.9
vectorString: AV:A/AC:M/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-67849
severity: HIGH
baseScore: 7.9
vectorString: AV:A/AC:M/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-02424 // VULHUB: VHN-67849 // JVNDB: JVNDB-2014-002027 // CNNVD: CNNVD-201404-207 // NVD: CVE-2014-0356

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-67849 // JVNDB: JVNDB-2014-002027 // NVD: CVE-2014-0356

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201404-207

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201404-207

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002027

PATCH

title: NBG-419N v2, url: http://www.zyxel.com/us/en/products_services/nbg_419n_v2.shtml?t=p

Trust: 0.8

sources: JVNDB: JVNDB-2014-002027

EXTERNAL IDS

db: CERT/CC, id: VU#939260

Trust: 4.2

db: NVD, id: CVE-2014-0356

Trust: 3.4

db: JVN, id: JVNVU94935747

Trust: 1.4

db: BID, id: 66794

Trust: 0.9

db: JVNDB, id: JVNDB-2014-002027

Trust: 0.8

db: CNNVD, id: CNNVD-201404-207

Trust: 0.7

db: CNVD, id: CNVD-2014-02424

Trust: 0.6

db: NSFOCUS, id: 26504

Trust: 0.6

db: VULHUB, id: VHN-67849

Trust: 0.1

sources: CERT/CC: VU#939260 // CNVD: CNVD-2014-02424 // VULHUB: VHN-67849 // BID: 66794 // JVNDB: JVNDB-2014-002027 // CNNVD: CNNVD-201404-207 // NVD: CVE-2014-0356

REFERENCES

url:http://www.kb.cert.org/vuls/id/939260

Trust: 3.4

url:http://www.zyxel.com/

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/425.html

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/259.html

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/121.html

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0356

Trust: 0.8

url:http://jvn.jp/vu/jvnvu94935747/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0356

Trust: 0.8

url:http://jvn.jp/vu/jvnvu94935747/index.html

Trust: 0.6

url:http://www.nsfocus.net/vulndb/26504

Trust: 0.6

url:http://www.zyxel.com/products_services/nbg_419n_v2.shtml?t=p

Trust: 0.3

sources: CERT/CC: VU#939260 // CNVD: CNVD-2014-02424 // VULHUB: VHN-67849 // BID: 66794 // JVNDB: JVNDB-2014-002027 // CNNVD: CNNVD-201404-207 // NVD: CVE-2014-0356

CREDITS

Anonymous

Trust: 0.3

sources: BID: 66794

SOURCES

db: CERT/CC, id: VU#939260
db: CNVD, id: CNVD-2014-02424
db: VULHUB, id: VHN-67849
db: BID, id: 66794
db: JVNDB, id: JVNDB-2014-002027
db: CNNVD, id: CNNVD-201404-207
db: NVD, id: CVE-2014-0356

LAST UPDATE DATE

2025-04-13T23:18:23.896000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#939260, date: 2014-04-16T00:00:00
db: CNVD, id: CNVD-2014-02424, date: 2014-04-18T00:00:00
db: VULHUB, id: VHN-67849, date: 2014-04-15T00:00:00
db: BID, id: 66794, date: 2014-04-11T00:00:00
db: JVNDB, id: JVNDB-2014-002027, date: 2014-04-17T00:00:00
db: CNNVD, id: CNNVD-201404-207, date: 2014-04-16T00:00:00
db: NVD, id: CVE-2014-0356, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CERT/CC, id: VU#939260, date: 2014-04-11T00:00:00
db: CNVD, id: CNVD-2014-02424, date: 2014-04-17T00:00:00
db: VULHUB, id: VHN-67849, date: 2014-04-15T00:00:00
db: BID, id: 66794, date: 2014-04-11T00:00:00
db: JVNDB, id: JVNDB-2014-002027, date: 2014-04-17T00:00:00
db: CNNVD, id: CNNVD-201404-207, date: 2014-04-16T00:00:00
db: NVD, id: CVE-2014-0356, date: 2014-04-15T10:55:12.057