5772 matches found
CVE-2023-31272
A stack-based buffer overflow vulnerability exists in the httpd dowds functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability...
CVE-2023-34426
A stack-based buffer overflow vulnerability exists in the httpd managerequest functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability...
CVE-2023-34426
Cisco Talos documents a stack-based buffer overflow in Yifan YF325 v1.0_20221108 (httpd manage_request). The vulnerability occurs when processing certain URL paths (notably /tmp/sd): the code copies a URL path into a fixed-size buffer without length checks, leading to overflow during pre-processi...
CVE-2023-31272
The CVE affects Yifan YF325, version v1.0_20221108, where the httpd do_wds endpoint copies URL_path into a fixed-size buffer using strcpy without length checks, causing a stack-based buffer overflow. This can be triggered by a specially crafted network request (no authentication required) and Tal...
CVE-2023-35965
Two heap-based buffer overflow vulnerabilities exist in the httpd managepost functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is...
CVE-2023-35966
Two heap-based buffer overflow vulnerabilities exist in the httpd managepost functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is...
CVE-2023-35965
CVE-2023-35965 affects Yifan YF325 v1.0_20221108. Talos details show two heap-based buffer overflow flaws in the httpd manage_post handling: the code allocates memory using malloc/realloc(content_length + 1) without validating content_length, causing a heap overflow when content_length is the max...
CVE-2023-35966
Two CVEs (CVE-2023-35965 and CVE-2023-35966) affect Yifan YF325 v1.0_20221108 in the httpd manage_post API. Talos detail shows an integer overflow in Content-Length handling that triggers a heap overflow: CVE-35965 via malloc(content_length+1) and CVE-35966 via realloc(content_length+1), with a s...
CVE-2023-35965
Two heap-based buffer overflow vulnerabilities exist in the httpd managepost functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is...
Yifan YF325 Buffer Error Vulnerability
Yifan YF325 is a wireless router from Yifan. A buffer error vulnerability exists in Yifan YF325 v1.020221108, which stems from a buffer overflow vulnerability in the httpd managepost function...
PT-2023-6257 · Yifan · Yifan Yf325
Name of the Vulnerable Software and Affected Versions: Yifan YF325 version 1.0 20221108 Description: A leftover debug code vulnerability exists in the httpd debug credentials functionality. This vulnerability can be triggered by a specially crafted network request, leading to authentication bypas...
PT-2023-6258 · Yifan · Yifan Yf325
Name of the Vulnerable Software and Affected Versions: Yifan YF325 version 1.0 20221108 Description: A buffer overflow vulnerability exists in the httpd next page functionality, allowing an attacker to execute arbitrary commands by sending a specially crafted network request. The buffer overflow ...
Yifan YF325 httpd next_page buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1761 Yifan YF325 httpd nextpage buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-35055,CVE-2023-35056 SUMMARY A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network...
Yifan YF325 httpd manage_request stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1766 Yifan YF325 httpd managerequest stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-34426 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd managerequest functionality of Yifan YF325 v1.020221108. A...
Yifan YF325 httpd do_wds stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1765 Yifan YF325 httpd dowds stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-31272 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd dowds functionality of Yifan YF325 v1.020221108. A specially crafted...
Yifan YF325 httpd nvram.cgi authentication bypass vulnerability
Talos Vulnerability Report TALOS-2023-1762 Yifan YF325 httpd nvram.cgi authentication bypass vulnerability October 11, 2023 CVE Number CVE-2023-24479 SUMMARY An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.020221108. A specially crafted network...
Yifan YF325 httpd manage_post stack-based buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1787 Yifan YF325 httpd managepost stack-based buffer overflow vulnerabilities October 11, 2023 CVE Number CVE-2023-35965,CVE-2023-35966 SUMMARY Two heap-based buffer overflow vulnerabilities exist in the httpd managepost functionality of Yifan YF325...
Yifan YF325 httpd debug credentials leftover debug code vulnerability
Talos Vulnerability Report TALOS-2023-1752 Yifan YF325 httpd debug credentials leftover debug code vulnerability October 11, 2023 CVE Number CVE-2023-32645 SUMMARY A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.020221108. A specially...
Yifan YF325 httpd gwcfg.cgi get stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1764 Yifan YF325 httpd gwcfg.cgi get stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-34346 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.020221108. A...
httpd:2.4 security update
An update is available for httpd, modmd, modhttp2, module.modmd, module.modhttp2, module.httpd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd package...