CVE-2014-0354 - The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 has a hardcoded password

CVE Details

CVE-2014-0354

Summary

The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 has a hardcoded password of qweasdzxc for an unspecified account, which allows remote attackers to obtain index.asp login access via an HTTP request.

References

http://www.kb.cert.org/vuls/id/939260

Vulnerable Configurations

cpe:2.3:o:zyxel:n300_netusb_nbg-419n_firmware:1.00\(bfq_6\)c0:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:n300_netusb_nbg-419n_firmware:1.00\(bfq_6\)c0:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:n300_netusb_nbg-419n:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:n300_netusb_nbg-419n:-:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 15-04-2014 - 17:56)
Impact:	9.2
Exploitability:	6.5

CWE

CWE-255

CAPEC

Click the CAPEC title to display a description

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	NONE

cvss-vector via4

AV:A/AC:L/Au:N/C:C/I:C/A:N

refmap via4

cert-vn

VU#939260

Last major update

15-04-2014 - 17:56

Published

15-04-2014 - 10:55

Last modified

15-04-2014 - 17:56