5772 matches found
CVE-2023-35966
Two heap-based buffer overflow vulnerabilities exist in the httpd managepost functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is...
CVE-2023-34346
A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.020221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability...
CVE-2023-32645
A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability...
CVE-2023-34426
A stack-based buffer overflow vulnerability exists in the httpd managerequest functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability...
CVE-2023-35055
A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the nextpage parameter in the...
CVE-2023-24479
An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability...
CVE-2023-31272
A stack-based buffer overflow vulnerability exists in the httpd dowds functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability...
Authentication flaw
An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability...
Stack overflow
A stack-based buffer overflow vulnerability exists in the httpd managerequest functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability...
Buffer overflow
A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the nextpage parameter in the...
Buffer overflow
A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the nextpage parameter in the...
Heap overflow
Two heap-based buffer overflow vulnerabilities exist in the httpd managepost functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is...
CVE-2023-35056
A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the nextpage parameter in the...
CVE-2023-35055
A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the nextpage parameter in the...
CVE-2023-24479
Summary: CVE-2023-24479 affects the Yifan YF325 router’s httpd nvram.cgi endpoint. Talos confirms an authentication bypass vulnerability that lets an attacker craft a network request to trigger arbitrary command execution, including the ability to change admin credentials and gain root access. Af...
CVE-2023-35055
CVE-2023-35055 affects Yifan YF325 v1.0_20221108. Talos reports a stack-based buffer overflow in the httpd module via the gozila_cgi/next_page handling, where user-controlled next_page is copied into a fixed buffer using strcpy, enabling remote code execution. The vulnerability is triggered by sp...
CVE-2023-35056
A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the nextpage parameter in the...
CVE-2023-34346
A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.020221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability...
CVE-2023-34346
CVE-2023-34346 concerns a stack-based buffer overflow in the Yifan YF325 router. Talos reports the vulnerability exists in the httpd gwcfg.cgi get endpoint, where the code reads request data using Content-Length into a fixed-size buffer without proper bounds checking, allowing a specially crafted...
CVE-2023-31272
A stack-based buffer overflow vulnerability exists in the httpd dowds functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability...