Remote Code Execution Vulnerability in ZyXEL Wireless N300 Router
CVE-2014-0356

Currently unrated

Key Information:

Vendor: Zyxel
Status: N300 Netusb Nbg-419n Firmware; N300 Netusb Nbg-419n
Vendor: CVE Published:; 15 April 2014

Summary

The ZyXEL Wireless N300 NetUSB NBG-419N router, specifically with firmware version 1.00(BFQ.6)C0, is susceptible to a vulnerability that allows remote attackers to execute arbitrary code. This is achieved through specially crafted input to various functions within the router's management interface, including detectWeather, set_language, SystemCommand, and NTPSyncWithHost, as well as through specific UDP commands like SET COUNTRY and SET WLAN SSID. This security flaw emphasizes the need for firmware updates and proper configuration to avert potential exploitation.

References

http://www.kb.cert.org/vuls/id/939260

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability published
Apr 15, 2014
Vulnerability Reserved
Dec 5, 2013