Remote Code Execution Vulnerability in ZyXEL Wireless N300 NetUSB NBG-419N Router

Remote Code Execution Vulnerability in ZyXEL Wireless N300 NetUSB NBG-419N Router

CVE-2014-0356 · HIGH Severity

AV:A/AC:M/AU:N/C:C/I:C/A:C

The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2) set_language, (3) SystemCommand, or (4) NTPSyncWithHost function in management.c, or a (5) SET COUNTRY, (6) SET WLAN SSID, (7) SET WLAN CHANNEL, (8) SET WLAN STATUS, or (9) SET WLAN COUNTRY udps command.

Learn more about our Wireless Penetration Test.