CVE-2014-7278 - OpenCVE

The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified "welcome message" form data that is improperly handled during use for the loginMsg variable's value, a different vulnerability than CVE-2014-7277.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zyxel	Sbg3300-n Sbg3300-n Firmware

Configuration 1 [-]

AND

cpe:2.3:o:zyxel:sbg3300-n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:sbg3300-n:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2014-10/0025.html
http://packetstormsecurity.com/files/128550/ZyXEL-SBG-3300-Security-Gateway-Denial-Of-Service.html
http://seclists.org/fulldisclosure/2014/Oct/20
https://exchange.xforce.ibmcloud.com/vulnerabilities/96892

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-10-04T10:00:00

Updated: 2024-08-06T12:47:31.643Z

Reserved: 2014-10-01T00:00:00

Link: CVE-2014-7278

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-10-04T10:55:03.880

Modified: 2017-09-08T01:29:16.340

Link: CVE-2014-7278

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-10-03T00:00:00", "descriptions": [{"lang": "en", "value": "The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified \"welcome message\" form data that is improperly handled during use for the loginMsg variable's value, a different vulnerability than CVE-2014-7277."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/128550/ZyXEL-SBG-3300-Security-Gateway-Denial-Of-Service.html"}, {"name": "20141003 CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0025.html"}, {"name": "20141003 CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2014/Oct/20"}, {"name": "zyxelsbg3300-cve20147278-dos(96892)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96892"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-7278", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified \"welcome message\" form data that is improperly handled during use for the loginMsg variable's value, a different vulnerability than CVE-2014-7277."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/128550/ZyXEL-SBG-3300-Security-Gateway-Denial-Of-Service.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/128550/ZyXEL-SBG-3300-Security-Gateway-Denial-Of-Service.html"}, {"name": "20141003 CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0025.html"}, {"name": "20141003 CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Oct/20"}, {"name": "zyxelsbg3300-cve20147278-dos(96892)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96892"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T12:47:31.643Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/128550/ZyXEL-SBG-3300-Security-Gateway-Denial-Of-Service.html"}, {"name": "20141003 CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0025.html"}, {"name": "20141003 CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2014/Oct/20"}, {"name": "zyxelsbg3300-cve20147278-dos(96892)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96892"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-7278", "datePublished": "2014-10-04T10:00:00", "dateReserved": "2014-10-01T00:00:00", "dateUpdated": "2024-08-06T12:47:31.643Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:sbg3300-n_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "97E405E0-EE80-47E9-89B4-69CB9CF7D1B2", "versionEndIncluding": "1.00\\(aady.4\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:sbg3300-n:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA61B0AC-69CD-4DC0-9615-D034182EC3FB", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified \"welcome message\" form data that is improperly handled during use for the loginMsg variable's value, a different vulnerability than CVE-2014-7277."}, {"lang": "es", "value": "La p\u00e1gina de inicio de sesi\u00f3n en ZyXEL SBG-3300 Security Gateway con firmware 1.00(AADY.4)C0 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio (interrupci\u00f3n persistente de la interfaz web) a trav\u00e9s de c\u00f3digo JavaScript dentro de datos del formulario del 'mensaje de bienvenida' no especificados que se manejan indebidamente durante el uso para el valor de las variables de loginMsg, una vulnerabilidad diferente al CVE-2014-7277."}], "id": "CVE-2014-7278", "lastModified": "2017-09-08T01:29:16.340", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-10-04T10:55:03.880", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0025.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/128550/ZyXEL-SBG-3300-Security-Gateway-Denial-Of-Service.html"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2014/Oct/20"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96892"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}