4 matches found
CVE-2023-24479
An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability...
Authentication flaw
An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability...
CVE-2023-24479
Summary: CVE-2023-24479 affects the Yifan YF325 router’s httpd nvram.cgi endpoint. Talos confirms an authentication bypass vulnerability that lets an attacker craft a network request to trigger arbitrary command execution, including the ability to change admin credentials and gain root access. Af...
Yifan YF325 httpd nvram.cgi authentication bypass vulnerability
Talos Vulnerability Report TALOS-2023-1762 Yifan YF325 httpd nvram.cgi authentication bypass vulnerability October 11, 2023 CVE Number CVE-2023-24479 SUMMARY An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.020221108. A specially crafted network...