738 matches found
CVE-2023-32645
A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability...
CVE-2023-35055
CVE-2023-35055 affects Yifan YF325 v1.0_20221108. Talos reports a stack-based buffer overflow in the httpd module via the gozila_cgi/next_page handling, where user-controlled next_page is copied into a fixed buffer using strcpy, enabling remote code execution. The vulnerability is triggered by sp...
CVE-2023-35056
CVE-2023-35056 affects Yifan YF325 v1.0_20221108. The vulnerability is a stack-based buffer overflow in the httpd cgi_handler path, triggered by the next_page parameter fetched from the HTTP request and copied into a fixed-size buffer via strcpy, enabling potential remote code execution. Talos de...
CVE-2023-24479
An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability...
CVE-2023-24479
An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability...
CVE-2023-35055
A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the nextpage parameter in the...
CVE-2023-24479
Summary: CVE-2023-24479 affects the Yifan YF325 router’s httpd nvram.cgi endpoint. Talos confirms an authentication bypass vulnerability that lets an attacker craft a network request to trigger arbitrary command execution, including the ability to change admin credentials and gain root access. Af...
CVE-2023-34365
A stack-based buffer overflow vulnerability exists in the libutils.so nvramrestore functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to a buffer overflow. An attacker can send a network request to trigger this vulnerability...
CVE-2023-34365
Affected software: Yifan YF325 router (v1.0_20221108). Vulnerability: stack-based buffer overflow in libutils.so nvram_restore parsing. The nvram upload file is parsed in a loop reading key length (up to 255) into a 128-byte buffer, causing a stack overflow. This can be triggered by a specially c...
CVE-2023-32632
A command execution vulnerability exists in the validate.so diagpingstart functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability...
CVE-2023-34426
Cisco Talos documents a stack-based buffer overflow in Yifan YF325 v1.0_20221108 (httpd manage_request). The vulnerability occurs when processing certain URL paths (notably /tmp/sd): the code copies a URL path into a fixed-size buffer without length checks, leading to overflow during pre-processi...
CVE-2023-32632
CVE-2023-32632 affects Yifan YF325 v1.0_20221108. Talos details a vulnerability in the validate.so diag_ping_start CGI path that can be reached without authentication, allowing an attacker to trigger command execution by crafting a network request. The bug enables the diag_ping_start function to ...
CVE-2023-32632
A command execution vulnerability exists in the validate.so diagpingstart functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability...
CVE-2023-35967
Two heap-based buffer overflow vulnerabilities exist in the gwcfgcgisetmanagepostdata functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow...
CVE-2023-35968
Two heap-based buffer overflow vulnerabilities exist in the gwcfgcgisetmanagepostdata functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow...
Yifan YF325 Buffer Error Vulnerability
Yifan YF325 is a wireless router from Yifan Yifan. A security vulnerability exists in Yifan YF325 v1.020221108, which stems from a specially crafted network request that could result in a stack-based buffer overflow...
Yifan YF325 libutils.so nvram_restore stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1763 Yifan YF325 libutils.so nvramrestore stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-34365 SUMMARY A stack-based buffer overflow vulnerability exists in the libutils.so nvramrestore functionality of Yifan YF325 v1.020221108...
Yifan YF325 httpd next_page buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1761 Yifan YF325 httpd nextpage buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-35055,CVE-2023-35056 SUMMARY A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network...
Yifan YF325 httpd nvram.cgi authentication bypass vulnerability
Talos Vulnerability Report TALOS-2023-1762 Yifan YF325 httpd nvram.cgi authentication bypass vulnerability October 11, 2023 CVE Number CVE-2023-24479 SUMMARY An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.020221108. A specially crafted network...
Yifan YF325 Buffer Error Vulnerability
Yifan YF325 is a wireless router from Yifan Yifan. A security vulnerability exists in Yifan YF325 v1.020221108, which stems from a specially crafted network request that could result in a stack-based buffer overflow...