Mirko Casadei

**Name of the Vulnerable Software and Affected Versions** ZyXEL SBG-3300 Security Gateway versions 1.00(AADY.4)C0 and earlier **Description** The issue allows remote attackers to cause a denial of service, resulting in a persistent web-interface outage. This is achieved by injecting JavaScript code into the "welcome message" form data, which is improperly handled and used for the `loginMsg` variable's value. **Recommendations** For ZyXEL SBG-3300 Security Gateway versions 1.00(AADY.4)C0 and earlier, consider restricting access to the login page as a temporary workaround until a patch is available. Avoid using the `loginMsg` variable in the login page's form data until the issue is resolved.