CVE-2014-0356

Published: Apr 15, 2014Modified: May 6, 2026

7.9

Vector

AV:A/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 5.5 / Impact: 10.0

Source: NVD

Description

The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2) set_language, (3) SystemCommand, or (4) NTPSyncWithHost function in management.c, or a (5) SET COUNTRY, (6) SET WLAN SSID, (7) SET WLAN CHANNEL, (8) SET WLAN STATUS, or (9) SET WLAN COUNTRY udps command.

Affected (2)

Products: Zyxel: N300 Netusb Nbg 419n Firmware, N300 Netusb Nbg 419n

2 products

N300 Netusb Nbg 419n Firmware

N300 Netusb Nbg 419n

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Zyxel N300 Netusb Nbg 419n Firmware	Version 1.00(bfq_6)c0
Zyxel N300 Netusb Nbg 419n	All versions

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

http://www.kb.cert.org/vuls/id/939260

Source: cret@cert.org

US Government Resource

http://www.kb.cert.org/vuls/id/939260

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.