CVE-2023-35967
Affected product: Yifan YF325 (v1.0_20221108). CVE-2023-35967 and CVE-2023-35968 describe two heap-based buffer overflow vulnerabilities in gwcfg_cgi_set_manage_post_data, caused by integer overflows on content-length for malloc/realloc. Triggered by specially crafted network requests, potentiall...