Computer Security
[EN] securityvulns.ru no-pyccku


ZyXEL SBG-3300 security vulnerabilities
Published:05.10.2014
Source:
SecurityVulns ID:13987
Type:remote
Threat Level:
5/10
Description:DoS, crossite scripting.
Affected:ZYXEL : ZyXEL SBG-3300
CVE:CVE-2014-7278 (The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified "welcome message" form data that is improperly handled during use for the loginMsg variable's value, a different vulnerability than CVE-2014-7277.)
 CVE-2014-7278 (The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified "welcome message" form data that is improperly handled during use for the loginMsg variable's value, a different vulnerability than CVE-2014-7277.)
 CVE-2014-7277 (Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified "welcome message" form data that is improperly handled during rendering of the loginMessage list item, a different vulnerability than CVE-2014-7278.)
 CVE-2014-7277 (Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified "welcome message" form data that is improperly handled during rendering of the loginMessage list item, a different vulnerability than CVE-2014-7278.)
Original documentdocumentmirko.casadei_(at)_gmail.com, CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway (05.10.2014)
 documentmirko.casadei_(at)_gmail.com, CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway (05.10.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod