
6 vulnerabilities found for sbg3300-n by zyxel

VAR-201410-1357

Vulnerability from variot - Updated: 2025-04-13 23:32

The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified "welcome message" form data that is improperly handled during use for the loginMsg variable's value, a different vulnerability than CVE-2014-7277. The firmware login page of the ZyXEL SBG-3300 Security Gateway contains a vulnerability that can leave the web interface permanently unavailable (denial of service). The ZyXEL SBG-3300 Security Gateway is a security gateway application. Zyxel SBG-3300 series routers are prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the device to reboot, denying service to legitimate users. Zyxel SBG-3300 V1.00(AADY.4)C0 and prior are vulnerable.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201410-1357",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sbg3300-n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "zyxel",
        "version": null
      },
      {
        "model": "sbg3300-n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "zyxel",
        "version": "1.00\\(aady.4\\)c0"
      },
      {
        "model": "sbg3300-n series",
        "scope": null,
        "trust": 0.8,
        "vendor": "zyxel",
        "version": null
      },
      {
        "model": "sbg3300-n series",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "zyxel",
        "version": "1.00(aady.4)c0"
      },
      {
        "model": "sbg-3300 \u003c=v1.00 c0",
        "scope": null,
        "trust": 0.6,
        "vendor": "zyxel",
        "version": null
      },
      {
        "model": "sbg3300-n",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "zyxel",
        "version": "1.00\\(aady.4\\)c0"
      },
      {
        "model": "sbg-3300 v1.00 c0",
        "scope": null,
        "trust": 0.3,
        "vendor": "zyxel",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06642"
      },
      {
        "db": "BID",
        "id": "70231"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004530"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-106"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-7278"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:zyxel:sbg3300-n",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:zyxel:sbg3300-n_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004530"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mirko Casadei",
    "sources": [
      {
        "db": "BID",
        "id": "70231"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-7278",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-7278",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2014-06642",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-75223",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-7278",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-7278",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-06642",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201410-106",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-75223",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06642"
      },
      {
        "db": "VULHUB",
        "id": "VHN-75223"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004530"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-106"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-7278"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified \"welcome message\" form data that is improperly handled during use for the loginMsg variable\u0027s value, a different vulnerability than CVE-2014-7277. ZyXEL SBG-3300 Security Gateway The firmware login page shows service disruption ( permanent Web Interface down ) There are vulnerabilities that are put into a state. The ZyXEL SBG-3300 Security Gateway is a security gateway application. Zyxel SBG-3300 series routers are prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to cause the device to reboot, denying service to legitimate users. \nZyxel SBG-3300 V1.00(AADY.4)C0 and prior are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-7278"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004530"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06642"
      },
      {
        "db": "BID",
        "id": "70231"
      },
      {
        "db": "VULHUB",
        "id": "VHN-75223"
      }
    ],
    "trust": 2.52
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-75223",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-75223"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-7278",
        "trust": 3.4
      },
      {
        "db": "PACKETSTORM",
        "id": "128550",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "70231",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004530",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-106",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06642",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-75223",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06642"
      },
      {
        "db": "VULHUB",
        "id": "VHN-75223"
      },
      {
        "db": "BID",
        "id": "70231"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004530"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-106"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-7278"
      }
    ]
  },
  "id": "VAR-201410-1357",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06642"
      },
      {
        "db": "VULHUB",
        "id": "VHN-75223"
      }
    ],
    "trust": 1.45
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06642"
      }
    ]
  },
  "last_update_date": "2025-04-13T23:32:47.517000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SBG3300-N Series",
        "trust": 0.8,
        "url": "http://www.zyxel.com/be/fr/products_services/sbg3300_n_series.shtml?t=p"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004530"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-75223"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004530"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-7278"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0025.html"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2014/oct/20"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/128550/zyxel-sbg-3300-security-gateway-denial-of-service.html"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96892"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7278"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7278"
      },
      {
        "trust": 0.3,
        "url": "http://www.zyxel.com/in/en/products_services/sbg3300_n_series.shtml?t=p"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06642"
      },
      {
        "db": "VULHUB",
        "id": "VHN-75223"
      },
      {
        "db": "BID",
        "id": "70231"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004530"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-106"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-7278"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06642"
      },
      {
        "db": "VULHUB",
        "id": "VHN-75223"
      },
      {
        "db": "BID",
        "id": "70231"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004530"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-106"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-7278"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-10-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-06642"
      },
      {
        "date": "2014-10-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-75223"
      },
      {
        "date": "2014-10-03T00:00:00",
        "db": "BID",
        "id": "70231"
      },
      {
        "date": "2014-10-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004530"
      },
      {
        "date": "2014-10-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201410-106"
      },
      {
        "date": "2014-10-04T10:55:03.880000",
        "db": "NVD",
        "id": "CVE-2014-7278"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-10-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-06642"
      },
      {
        "date": "2017-09-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-75223"
      },
      {
        "date": "2014-10-03T00:00:00",
        "db": "BID",
        "id": "70231"
      },
      {
        "date": "2014-10-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004530"
      },
      {
        "date": "2014-10-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201410-106"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2014-7278"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-106"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ZyXEL SBG-3300 Security Gateway Service disruption on the firmware login page  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004530"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-106"
      }
    ],
    "trust": 0.6
  }
}

VAR-201410-1356

Vulnerability from variot - Updated: 2025-04-13 23:04

Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified "welcome message" form data that is improperly handled during rendering of the loginMessage list item, a different vulnerability than CVE-2014-7278. The ZyXEL SBG-3300 Security Gateway is a security gateway application. Zyxel SBG-3300 series routers are prone to an HTML-injection vulnerability because they fail to properly sanitize user-supplied input. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible. Zyxel SBG-3300 V1.00(AADY.4)C0 and prior are vulnerable.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201410-1356",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sbg3300-n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "zyxel",
        "version": null
      },
      {
        "model": "sbg3300-n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "zyxel",
        "version": "1.00\\(aady.4\\)c0"
      },
      {
        "model": "sbg3300-n series",
        "scope": null,
        "trust": 0.8,
        "vendor": "zyxel",
        "version": null
      },
      {
        "model": "sbg3300-n series",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "zyxel",
        "version": "1.00(aady.4)c0"
      },
      {
        "model": "sbg-3300 \u003c=v1.00 c0",
        "scope": null,
        "trust": 0.6,
        "vendor": "zyxel",
        "version": null
      },
      {
        "model": "sbg3300-n",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "zyxel",
        "version": "1.00\\(aady.4\\)c0"
      },
      {
        "model": "sbg-3300 v1.00 c0",
        "scope": null,
        "trust": 0.3,
        "vendor": "zyxel",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06641"
      },
      {
        "db": "BID",
        "id": "70232"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004529"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-105"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-7277"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:zyxel:sbg3300-n",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:zyxel:sbg3300-n_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004529"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mirko Casadei",
    "sources": [
      {
        "db": "BID",
        "id": "70232"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-7277",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-7277",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2014-06641",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-75222",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-7277",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-7277",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-06641",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201410-105",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-75222",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06641"
      },
      {
        "db": "VULHUB",
        "id": "VHN-75222"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004529"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-105"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-7277"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified \"welcome message\" form data that is improperly handled during rendering of the loginMessage list item, a different vulnerability than CVE-2014-7278. The ZyXEL SBG-3300 Security Gateway is a security gateway application. Zyxel  SBG-3300 series routers are prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. \nAttacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible. \nZyxel SBG-3300 V1.00(AADY.4)C0 and prior are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-7277"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004529"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06641"
      },
      {
        "db": "BID",
        "id": "70232"
      },
      {
        "db": "VULHUB",
        "id": "VHN-75222"
      }
    ],
    "trust": 2.52
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-75222",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-75222"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-7277",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "70232",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "128551",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004529",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-105",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06641",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-75222",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06641"
      },
      {
        "db": "VULHUB",
        "id": "VHN-75222"
      },
      {
        "db": "BID",
        "id": "70232"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004529"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-105"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-7277"
      }
    ]
  },
  "id": "VAR-201410-1356",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06641"
      },
      {
        "db": "VULHUB",
        "id": "VHN-75222"
      }
    ],
    "trust": 1.45
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06641"
      }
    ]
  },
  "last_update_date": "2025-04-13T23:04:46.498000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SBG3300-N Series",
        "trust": 0.8,
        "url": "http://www.zyxel.com/be/fr/products_services/sbg3300_n_series.shtml?t=p"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004529"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-75222"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004529"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-7277"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0024.html"
      },
      {
        "trust": 1.4,
        "url": "http://seclists.org/fulldisclosure/2014/oct/19"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/70232"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/128551/zyxel-sbg-3300-security-gateway-cross-site-scripting.html"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96891"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7277"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7277"
      },
      {
        "trust": 0.3,
        "url": "http://www.zyxel.com/in/en/products_services/sbg3300_n_series.shtml?t=p"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06641"
      },
      {
        "db": "VULHUB",
        "id": "VHN-75222"
      },
      {
        "db": "BID",
        "id": "70232"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004529"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-105"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-7277"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06641"
      },
      {
        "db": "VULHUB",
        "id": "VHN-75222"
      },
      {
        "db": "BID",
        "id": "70232"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004529"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-105"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-7277"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-10-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-06641"
      },
      {
        "date": "2014-10-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-75222"
      },
      {
        "date": "2014-10-03T00:00:00",
        "db": "BID",
        "id": "70232"
      },
      {
        "date": "2014-10-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004529"
      },
      {
        "date": "2014-10-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201410-105"
      },
      {
        "date": "2014-10-04T10:55:03.833000",
        "db": "NVD",
        "id": "CVE-2014-7277"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-10-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-06641"
      },
      {
        "date": "2017-09-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-75222"
      },
      {
        "date": "2014-10-03T00:00:00",
        "db": "BID",
        "id": "70232"
      },
      {
        "date": "2014-10-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004529"
      },
      {
        "date": "2014-10-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201410-105"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2014-7277"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-105"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ZyXEL SBG-3300 Security Gateway Firmware login page cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004529"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-105"
      }
    ],
    "trust": 0.6
  }
}

CVE-2014-7278 (GCVE-0-2014-7278)

Vulnerability from nvd – Published: 2014-10-04 10:00 – Updated: 2024-08-06 12:47
Summary
The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified "welcome message" form data that is improperly handled during use for the loginMsg variable's value, a different vulnerability than CVE-2014-7277.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:47:31.643Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/128550/ZyXEL-SBG-3300-Security-Gateway-Denial-Of-Service.html"
          },
          {
            "name": "20141003 CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0025.html"
          },
          {
            "name": "20141003 CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Oct/20"
          },
          {
            "name": "zyxelsbg3300-cve20147278-dos(96892)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96892"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified \"welcome message\" form data that is improperly handled during use for the loginMsg variable\u0027s value, a different vulnerability than CVE-2014-7277."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/128550/ZyXEL-SBG-3300-Security-Gateway-Denial-Of-Service.html"
        },
        {
          "name": "20141003 CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0025.html"
        },
        {
          "name": "20141003 CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Oct/20"
        },
        {
          "name": "zyxelsbg3300-cve20147278-dos(96892)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96892"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-7278",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified \"welcome message\" form data that is improperly handled during use for the loginMsg variable\u0027s value, a different vulnerability than CVE-2014-7277."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/128550/ZyXEL-SBG-3300-Security-Gateway-Denial-Of-Service.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/128550/ZyXEL-SBG-3300-Security-Gateway-Denial-Of-Service.html"
            },
            {
              "name": "20141003 CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0025.html"
            },
            {
              "name": "20141003 CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Oct/20"
            },
            {
              "name": "zyxelsbg3300-cve20147278-dos(96892)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96892"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-7278",
    "datePublished": "2014-10-04T10:00:00.000Z",
    "dateReserved": "2014-10-01T00:00:00.000Z",
    "dateUpdated": "2024-08-06T12:47:31.643Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-7277 (GCVE-0-2014-7277)

Vulnerability from nvd – Published: 2014-10-04 10:00 – Updated: 2024-08-06 12:47
Summary
Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified "welcome message" form data that is improperly handled during rendering of the loginMessage list item, a different vulnerability than CVE-2014-7278.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:47:31.623Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20141003 CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0024.html"
          },
          {
            "name": "20141003 CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Oct/19"
          },
          {
            "name": "70232",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70232"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/128551/ZyXEL-SBG-3300-Security-Gateway-Cross-Site-Scripting.html"
          },
          {
            "name": "zyxelsbg3300-cve20147277-xss(96891)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96891"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified \"welcome message\" form data that is improperly handled during rendering of the loginMessage list item, a different vulnerability than CVE-2014-7278."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20141003 CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0024.html"
        },
        {
          "name": "20141003 CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Oct/19"
        },
        {
          "name": "70232",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70232"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/128551/ZyXEL-SBG-3300-Security-Gateway-Cross-Site-Scripting.html"
        },
        {
          "name": "zyxelsbg3300-cve20147277-xss(96891)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96891"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-7277",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified \"welcome message\" form data that is improperly handled during rendering of the loginMessage list item, a different vulnerability than CVE-2014-7278."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20141003 CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0024.html"
            },
            {
              "name": "20141003 CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Oct/19"
            },
            {
              "name": "70232",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70232"
            },
            {
              "name": "http://packetstormsecurity.com/files/128551/ZyXEL-SBG-3300-Security-Gateway-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/128551/ZyXEL-SBG-3300-Security-Gateway-Cross-Site-Scripting.html"
            },
            {
              "name": "zyxelsbg3300-cve20147277-xss(96891)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96891"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-7277",
    "datePublished": "2014-10-04T10:00:00.000Z",
    "dateReserved": "2014-10-01T00:00:00.000Z",
    "dateUpdated": "2024-08-06T12:47:31.623Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-7277 (GCVE-0-2014-7277)

Vulnerability from cvelistv5 – Published: 2014-10-04 10:00 – Updated: 2024-08-06 12:47
Summary
Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified "welcome message" form data that is improperly handled during rendering of the loginMessage list item, a different vulnerability than CVE-2014-7278.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:47:31.623Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20141003 CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0024.html"
          },
          {
            "name": "20141003 CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Oct/19"
          },
          {
            "name": "70232",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70232"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/128551/ZyXEL-SBG-3300-Security-Gateway-Cross-Site-Scripting.html"
          },
          {
            "name": "zyxelsbg3300-cve20147277-xss(96891)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96891"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified \"welcome message\" form data that is improperly handled during rendering of the loginMessage list item, a different vulnerability than CVE-2014-7278."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20141003 CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0024.html"
        },
        {
          "name": "20141003 CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Oct/19"
        },
        {
          "name": "70232",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70232"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/128551/ZyXEL-SBG-3300-Security-Gateway-Cross-Site-Scripting.html"
        },
        {
          "name": "zyxelsbg3300-cve20147277-xss(96891)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96891"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-7277",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified \"welcome message\" form data that is improperly handled during rendering of the loginMessage list item, a different vulnerability than CVE-2014-7278."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20141003 CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0024.html"
            },
            {
              "name": "20141003 CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Oct/19"
            },
            {
              "name": "70232",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70232"
            },
            {
              "name": "http://packetstormsecurity.com/files/128551/ZyXEL-SBG-3300-Security-Gateway-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/128551/ZyXEL-SBG-3300-Security-Gateway-Cross-Site-Scripting.html"
            },
            {
              "name": "zyxelsbg3300-cve20147277-xss(96891)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96891"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-7277",
    "datePublished": "2014-10-04T10:00:00.000Z",
    "dateReserved": "2014-10-01T00:00:00.000Z",
    "dateUpdated": "2024-08-06T12:47:31.623Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-7278 (GCVE-0-2014-7278)

Vulnerability from cvelistv5 – Published: 2014-10-04 10:00 – Updated: 2024-08-06 12:47
Summary
The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified "welcome message" form data that is improperly handled during use for the loginMsg variable's value, a different vulnerability than CVE-2014-7277.
Severity
No CVSS data available.
CWE
  • n/a
Assigner: mitre

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:47:31.643Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/128550/ZyXEL-SBG-3300-Security-Gateway-Denial-Of-Service.html"
          },
          {
            "name": "20141003 CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0025.html"
          },
          {
            "name": "20141003 CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Oct/20"
          },
          {
            "name": "zyxelsbg3300-cve20147278-dos(96892)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96892"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified \"welcome message\" form data that is improperly handled during use for the loginMsg variable\u0027s value, a different vulnerability than CVE-2014-7277."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/128550/ZyXEL-SBG-3300-Security-Gateway-Denial-Of-Service.html"
        },
        {
          "name": "20141003 CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0025.html"
        },
        {
          "name": "20141003 CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Oct/20"
        },
        {
          "name": "zyxelsbg3300-cve20147278-dos(96892)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96892"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-7278",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified \"welcome message\" form data that is improperly handled during use for the loginMsg variable\u0027s value, a different vulnerability than CVE-2014-7277."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/128550/ZyXEL-SBG-3300-Security-Gateway-Denial-Of-Service.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/128550/ZyXEL-SBG-3300-Security-Gateway-Denial-Of-Service.html"
            },
            {
              "name": "20141003 CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0025.html"
            },
            {
              "name": "20141003 CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Oct/20"
            },
            {
              "name": "zyxelsbg3300-cve20147278-dos(96892)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96892"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-7278",
    "datePublished": "2014-10-04T10:00:00.000Z",
    "dateReserved": "2014-10-01T00:00:00.000Z",
    "dateUpdated": "2024-08-06T12:47:31.643Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}