5781 matches found
Buffer overflow
A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the nextpage parameter in the...
CVE-2023-35056
A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the nextpage parameter in the...
CVE-2023-35055
CVE-2023-35055 affects Yifan YF325 v1.0_20221108. Talos reports a stack-based buffer overflow in the httpd module via the gozila_cgi/next_page handling, where user-controlled next_page is copied into a fixed buffer using strcpy, enabling remote code execution. The vulnerability is triggered by sp...
CVE-2023-35055
A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the nextpage parameter in the...
CVE-2023-35056
A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the nextpage parameter in the...
CVE-2023-24479
Summary: CVE-2023-24479 affects the Yifan YF325 router’s httpd nvram.cgi endpoint. Talos confirms an authentication bypass vulnerability that lets an attacker craft a network request to trigger arbitrary command execution, including the ability to change admin credentials and gain root access. Af...
CVE-2023-34346
CVE-2023-34346 concerns a stack-based buffer overflow in the Yifan YF325 router. Talos reports the vulnerability exists in the httpd gwcfg.cgi get endpoint, where the code reads request data using Content-Length into a fixed-size buffer without proper bounds checking, allowing a specially crafted...
CVE-2023-34346
A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.020221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability...
CVE-2023-31272
A stack-based buffer overflow vulnerability exists in the httpd dowds functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability...
CVE-2023-34426
Cisco Talos documents a stack-based buffer overflow in Yifan YF325 v1.0_20221108 (httpd manage_request). The vulnerability occurs when processing certain URL paths (notably /tmp/sd): the code copies a URL path into a fixed-size buffer without length checks, leading to overflow during pre-processi...
CVE-2023-31272
The CVE affects Yifan YF325, version v1.0_20221108, where the httpd do_wds endpoint copies URL_path into a fixed-size buffer using strcpy without length checks, causing a stack-based buffer overflow. This can be triggered by a specially crafted network request (no authentication required) and Tal...
CVE-2023-31272
A stack-based buffer overflow vulnerability exists in the httpd dowds functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability...
CVE-2023-34426
A stack-based buffer overflow vulnerability exists in the httpd managerequest functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability...
CVE-2023-35966
Two heap-based buffer overflow vulnerabilities exist in the httpd managepost functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is...
CVE-2023-35965
Two heap-based buffer overflow vulnerabilities exist in the httpd managepost functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is...
CVE-2023-35965
CVE-2023-35965 affects Yifan YF325 v1.0_20221108. Talos details show two heap-based buffer overflow flaws in the httpd manage_post handling: the code allocates memory using malloc/realloc(content_length + 1) without validating content_length, causing a heap overflow when content_length is the max...
CVE-2023-35966
Two CVEs (CVE-2023-35965 and CVE-2023-35966) affect Yifan YF325 v1.0_20221108 in the httpd manage_post API. Talos detail shows an integer overflow in Content-Length handling that triggers a heap overflow: CVE-35965 via malloc(content_length+1) and CVE-35966 via realloc(content_length+1), with a s...
CVE-2023-35965
Two heap-based buffer overflow vulnerabilities exist in the httpd managepost functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is...
Yifan YF325 httpd debug credentials leftover debug code vulnerability
Talos Vulnerability Report TALOS-2023-1752 Yifan YF325 httpd debug credentials leftover debug code vulnerability October 11, 2023 CVE Number CVE-2023-32645 SUMMARY A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.020221108. A specially...
Yifan YF325 httpd manage_request stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1766 Yifan YF325 httpd managerequest stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-34426 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd managerequest functionality of Yifan YF325 v1.020221108. A...