CVE-2014-7278

Published: Oct 4, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified "welcome message" form data that is improperly handled during use for the loginMsg variable's value, a different vulnerability than CVE-2014-7277.

Affected (2)

Products: Zyxel: Sbg3300 N Firmware, Sbg3300 N

2 products

Sbg3300 N Firmware

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Zyxel Sbg3300 N Firmware	Up to 1.00\(aady.4\)c0
Zyxel Sbg3300 N	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

http://archives.neohapsis.com/archives/bugtraq/2014-10/0025.html

Source: cve@mitre.org

Exploit

http://packetstormsecurity.com/files/128550/ZyXEL-SBG-3300-Security-Gateway-Denial-Of-Service.html

Source: cve@mitre.org

Exploit

http://seclists.org/fulldisclosure/2014/Oct/20

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/96892

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2014-10/0025.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://packetstormsecurity.com/files/128550/ZyXEL-SBG-3300-Security-Gateway-Denial-Of-Service.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://seclists.org/fulldisclosure/2014/Oct/20

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/96892

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.