CVE-2014-0354

Published Apr 15, 2014

Last updated 11 years ago

Overview

Description: The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 has a hardcoded password of qweasdzxc for an unspecified account, which allows remote attackers to obtain index.asp login access via an HTTP request.
Source: cret@cert.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 9.2
Exploitability score: 6.5
Vector string: AV:A/AC:L/Au:N/C:C/I:C/A:N

Weaknesses

nvd@nist.gov: CWE-255

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zyxel:n300_netusb_nbg-419n_firmware:1.00\\(bfq_6\\)c0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29616BCA-61C1-4881-B491-B0473BDB9466"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zyxel:n300_netusb_nbg-419n:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83EB96CF-778F-4499-8779-0D8884F82FAD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References