CVE-2014-0355

Published: Apr 15, 2014Modified: May 6, 2026

7.9

Vector

AV:A/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 5.5 / Impact: 10.0

Source: NVD

Description

Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allow man-in-the-middle attackers to execute arbitrary code via (1) a long temp attribute in a yweather:condition element in a forecastrss file that is processed by the checkWeather function; the (2) WeatherCity or (3) WeatherDegree variable to the detectWeather function; unspecified input to the (4) UpnpAddRunRLQoS, (5) UpnpDeleteRunRLQoS, or (6) UpnpDeletePortCheckType function; or (7) the SET COUNTRY udps command.

Affected (2)

Products: Zyxel: N300 Netusb Nbg 419n Firmware, N300 Netusb Nbg 419n

2 products

N300 Netusb Nbg 419n Firmware

N300 Netusb Nbg 419n

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Zyxel N300 Netusb Nbg 419n Firmware	Version 1.00(bfq_6)c0
Zyxel N300 Netusb Nbg 419n	All versions

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (2)

http://www.kb.cert.org/vuls/id/939260

Source: cret@cert.org

US Government Resource

http://www.kb.cert.org/vuls/id/939260

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.