1. Home
  2. CVE Database
  3. CVE-2014-0356
HIGH · 7.9

CVE-2014-0356

The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2) set_languag...

Vulnerability Description

The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2) set_language, (3) SystemCommand, or (4) NTPSyncWithHost function in management.c, or a (5) SET COUNTRY, (6) SET WLAN SSID, (7) SET WLAN CHANNEL, (8) SET WLAN STATUS, or (9) SET WLAN COUNTRY udps command.

CVSS Score

7.9

HIGH

AV:A/AC:M/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
ZyxelN300 Netusb Nbg-419N Firmware1.00\(bfq_6\)c0
ZyxelN300 Netusb Nbg-419N-

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2014-0356?

CVE-2014-0356 is a vulnerability with a CVSS score of 7.9 (HIGH). The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2) set_languag...

How severe is CVE-2014-0356?

CVE-2014-0356 has been rated HIGH with a CVSS base score of 7.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-0356?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel N300 Netusb Nbg-419N Firmware, Zyxel N300 Netusb Nbg-419N.