Weak Authentication in ZyXEL Wireless N300 Router Exposes Users to Remote Attacks
CVE-2014-0354

Currently unrated

Key Information:

Vendor: Zyxel
Status: N300 Netusb Nbg-419n Firmware; N300 Netusb Nbg-419n
Vendor: CVE Published:; 15 April 2014

Summary

A security flaw exists in the ZyXEL Wireless N300 NetUSB NBG-419N router, where a hardcoded password can be exploited by remote attackers. This vulnerability allows unauthorized users to acquire login access via an HTTP request targeting the index.asp page. Users of the affected firmware version should update their devices to mitigate risks associated with this weakness.

References

http://www.kb.cert.org/vuls/id/939260

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability published
Apr 15, 2014
Vulnerability Reserved
Dec 5, 2013