Show filters
13 Total Results
Displaying 1-10 of 13
Sort by:
Attacker Value
Unknown

CVE-2023-35968

Disclosure Date: October 11, 2023 (last updated October 13, 2023)
Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function.
Attacker Value
Unknown

CVE-2023-35967

Disclosure Date: October 11, 2023 (last updated October 13, 2023)
Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function.
Attacker Value
Unknown

CVE-2023-35966

Disclosure Date: October 11, 2023 (last updated October 13, 2023)
Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function.
Attacker Value
Unknown

CVE-2023-35965

Disclosure Date: October 11, 2023 (last updated October 13, 2023)
Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function.
Attacker Value
Unknown

CVE-2023-35056

Disclosure Date: October 11, 2023 (last updated October 13, 2023)
A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the cgi_handler function.
Attacker Value
Unknown

CVE-2023-35055

Disclosure Date: October 11, 2023 (last updated October 13, 2023)
A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the gozila_cgi function.
Attacker Value
Unknown

CVE-2023-34426

Disclosure Date: October 11, 2023 (last updated October 13, 2023)
A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability.
Attacker Value
Unknown

CVE-2023-34365

Disclosure Date: October 11, 2023 (last updated October 13, 2023)
A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a buffer overflow. An attacker can send a network request to trigger this vulnerability.
Attacker Value
Unknown

CVE-2023-34346

Disclosure Date: October 11, 2023 (last updated October 13, 2023)
A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability.
Attacker Value
Unknown

CVE-2023-32645

Disclosure Date: October 11, 2023 (last updated October 13, 2023)
A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.