Vulnerability Details : CVE-2014-7278
The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified "welcome message" form data that is improperly handled during use for the loginMsg variable's value, a different vulnerability than CVE-2014-7277.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2014-7278
- cpe:2.3:o:zyxel:sbg3300-n_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:zyxel:sbg3300-n:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-7278
- 1.62%: Probability of exploitation activity in the next 30 days
- ~87%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-7278
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2014-7278
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-7278
- http://seclists.org/fulldisclosure/2014/Oct/20
  Full Disclosure: CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway
- http://archives.neohapsis.com/archives/bugtraq/2014-10/0025.html
  Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96892
  ZyXEL SBG-3300 Security Gateway framLoad() function denial of service CVE-2014-7278 Vulnerability Report
- http://packetstormsecurity.com/files/128550/ZyXEL-SBG-3300-Security-Gateway-Denial-Of-Service.html
  ZyXEL SBG-3300 Security Gateway Denial Of Service ≈ Packet Storm (Exploit)