CVE-2014-0356 Information

Description

The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather (2) set_language (3) SystemCommand or (4) NTPSyncWithHost function in management.c or a (5) SET COUNTRY (6) SET WLAN SSID (7) SET WLAN CHANNEL (8) SET WLAN STATUS or (9) SET WLAN COUNTRY udps command.

Reference

http://www.kb.cert.org/vuls/id/939260