CVE-2014-7278

Name of the Vulnerable Software and Affected Versions ZyXEL SBG-3300 Security Gateway versions 1.00(AADY.4)C0 and earlier

Description The issue allows remote attackers to cause a denial of service, resulting in a persistent web-interface outage. This is achieved by injecting JavaScript code into the "welcome message" form data, which is improperly handled and used for the loginMsg variable's value.

Recommendations For ZyXEL SBG-3300 Security Gateway versions 1.00(AADY.4)C0 and earlier, consider restricting access to the login page as a temporary workaround until a patch is available. Avoid using the loginMsg variable in the login page's form data until the issue is resolved.