Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0355

Overview

Vulnerability Score 7.9 7.9
CVE Id CVE-2014-0355
Last Modified 15 Apr 2014 01:56:33
Published 15 Apr 2014 06:55:12
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector ADJACENT_NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-0355

Summary

Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allow man-in-the-middle attackers to execute arbitrary code via (1) a long temp attribute in a yweather:condition element in a forecastrss file that is processed by the checkWeather function; the (2) WeatherCity or (3) WeatherDegree variable to the detectWeather function; unspecified input to the (4) UpnpAddRunRLQoS, (5) UpnpDeleteRunRLQoS, or (6) UpnpDeletePortCheckType function; or (7) the SET COUNTRY udps command.

Vulnerable Systems

Operating System

  • Zyxel N300 Netusb Nbg-419n Firmware 1.00%28bfq 6%29c0


References

CERT-VN - VU#939260


Last Updated: 27 May 2016 11:04:56