Vulnerabilities > CVE-2014-0354 - Credentials Management vulnerability in Zyxel products

CVSS 7.8 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

NONE

low complexity

zyxel

CWE-255

NVD

Published: 2014-04-15

Updated: 2014-04-15

Summary

The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 has a hardcoded password of qweasdzxc for an unspecified account, which allows remote attackers to obtain index.asp login access via an HTTP request.

Vulnerable Configurations

Part	Description	Count
OS	Zyxel Zyxel N300 Netusb NBG 419N Firmware 1.00\(Bfq_6\)C0	1
Hardware	Zyxel Zyxel N300 Netusb NBG 419N -	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://www.kb.cert.org/vuls/id/939260