ID

VAR-201410-1357


CVE

CVE-2014-7278


TITLE

Denial-of-service (DoS) vulnerability on the login page of ZyXEL SBG-3300 Security Gateway firmware

Trust: 0.8

sources: JVNDB: JVNDB-2014-004530

DESCRIPTION

The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified "welcome message" form data that is improperly handled during use for the loginMsg variable's value, a different vulnerability than CVE-2014-7277. The firmware login page of the ZyXEL SBG-3300 Security Gateway contains a vulnerability that results in a service disruption (permanent web interface outage). The ZyXEL SBG-3300 Security Gateway is a security gateway application. Zyxel SBG-3300 series routers are prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the device to reboot, denying service to legitimate users. Zyxel SBG-3300 V1.00(AADY.4)C0 and prior are vulnerable.

Trust: 2.52

sources: NVD: CVE-2014-7278 // JVNDB: JVNDB-2014-004530 // CNVD: CNVD-2014-06642 // BID: 70231 // VULHUB: VHN-75223

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-06642

AFFECTED PRODUCTS

vendor: zyxel, model: sbg3300-n, scope: eq, version: -

Trust: 1.0

vendor: zyxel, model: sbg3300-n, scope: lte, version: 1.00\(aady.4\)c0

Trust: 1.0

vendor: zyxel, model: sbg3300-n series, scope: -, version: -

Trust: 0.8

vendor: zyxel, model: sbg3300-n series, scope: lte, version: 1.00(aady.4)c0

Trust: 0.8

vendor: zyxel, model: sbg-3300 <=v1.00 c0, scope: -, version: -

Trust: 0.6

vendor: zyxel, model: sbg3300-n, scope: eq, version: 1.00\(aady.4\)c0

Trust: 0.6

vendor: zyxel, model: sbg-3300 v1.00 c0, scope: -, version: -

Trust: 0.3

sources: CNVD: CNVD-2014-06642 // BID: 70231 // JVNDB: JVNDB-2014-004530 // CNNVD: CNNVD-201410-106 // NVD: CVE-2014-7278

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-7278
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-7278
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-06642
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201410-106
value: MEDIUM

Trust: 0.6

VULHUB: VHN-75223
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-7278
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-06642
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-75223
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-06642 // VULHUB: VHN-75223 // JVNDB: JVNDB-2014-004530 // CNNVD: CNNVD-201410-106 // NVD: CVE-2014-7278

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-75223 // JVNDB: JVNDB-2014-004530 // NVD: CVE-2014-7278

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-106

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201410-106

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004530

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-75223

PATCH

title: SBG3300-N Series, url: http://www.zyxel.com/be/fr/products_services/sbg3300_n_series.shtml?t=p

Trust: 0.8

sources: JVNDB: JVNDB-2014-004530

EXTERNAL IDS

db: NVD, id: CVE-2014-7278

Trust: 3.4

db: PACKETSTORM, id: 128550

Trust: 1.1

db: BID, id: 70231

Trust: 1.0

db: JVNDB, id: JVNDB-2014-004530

Trust: 0.8

db: CNNVD, id: CNNVD-201410-106

Trust: 0.7

db: CNVD, id: CNVD-2014-06642

Trust: 0.6

db: VULHUB, id: VHN-75223

Trust: 0.1

sources: CNVD: CNVD-2014-06642 // VULHUB: VHN-75223 // BID: 70231 // JVNDB: JVNDB-2014-004530 // CNNVD: CNNVD-201410-106 // NVD: CVE-2014-7278

REFERENCES

url:http://archives.neohapsis.com/archives/bugtraq/2014-10/0025.html

Trust: 3.1

url:http://seclists.org/fulldisclosure/2014/oct/20

Trust: 1.1

url:http://packetstormsecurity.com/files/128550/zyxel-sbg-3300-security-gateway-denial-of-service.html

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/96892

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7278

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7278

Trust: 0.8

url:http://www.zyxel.com/in/en/products_services/sbg3300_n_series.shtml?t=p

Trust: 0.3

sources: CNVD: CNVD-2014-06642 // VULHUB: VHN-75223 // BID: 70231 // JVNDB: JVNDB-2014-004530 // CNNVD: CNNVD-201410-106 // NVD: CVE-2014-7278

CREDITS

Mirko Casadei

Trust: 0.3

sources: BID: 70231

SOURCES

db: CNVD, id: CNVD-2014-06642
db: VULHUB, id: VHN-75223
db: BID, id: 70231
db: JVNDB, id: JVNDB-2014-004530
db: CNNVD, id: CNNVD-201410-106
db: NVD, id: CVE-2014-7278

LAST UPDATE DATE

2025-04-13T23:32:47.517000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-06642, date: 2014-10-11T00:00:00
db: VULHUB, id: VHN-75223, date: 2017-09-08T00:00:00
db: BID, id: 70231, date: 2014-10-03T00:00:00
db: JVNDB, id: JVNDB-2014-004530, date: 2014-10-07T00:00:00
db: CNNVD, id: CNNVD-201410-106, date: 2014-10-11T00:00:00
db: NVD, id: CVE-2014-7278, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-06642, date: 2014-10-11T00:00:00
db: VULHUB, id: VHN-75223, date: 2014-10-04T00:00:00
db: BID, id: 70231, date: 2014-10-03T00:00:00
db: JVNDB, id: JVNDB-2014-004530, date: 2014-10-07T00:00:00
db: CNNVD, id: CNNVD-201410-106, date: 2014-10-11T00:00:00
db: NVD, id: CVE-2014-7278, date: 2014-10-04T10:55:03.880