cvebase

Yifan Yf325 vulnerabilities

12 known vulnerabilities affecting yifan/yf325.

Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 12

Vulnerabilities

CVE-2023-24479 | P2 | CRITICAL | CVSS 9.8 | v1.0_20221108 | 2023-10-11
CWE-284: An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.
Source: nvd

CVE-2023-32632 | P3 | CRITICAL | CVSS 9.8 | v1.0_20221108 | 2023-10-11
CWE-284: A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.
Source: nvd

CVE-2023-34346 | P3 | CRITICAL | CVSS 9.8 | v1.0_20221108 | 2023-10-11
CWE-489: A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability.
Source: nvd

CVE-2023-34426 | P3 | CRITICAL | CVSS 9.8 | v1.0_20221108 | 2023-10-11
CWE-121: A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability.
Source: nvd

CVE-2023-31272 | P3 | CRITICAL | CVSS 9.8 | v1.0_20221108 | 2023-10-11
CWE-121: A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability.
Source: nvd

CVE-2023-34365 | P3 | CRITICAL | CVSS 9.8 | v1.0_20221108 | 2023-10-11
CWE-121: A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a buffer overflow. An attacker can send a network request to trigger this vulnerability.
Source: nvd

CVE-2023-35055 | P3 | CRITICAL | CVSS 9.8 | v1.0_20221108 | 2023-10-11
CWE-121: A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. This buffer overflow is in the next_page parameter in the gozila_cgi function.
Source: nvd

CVE-2023-35056 | P3 | CRITICAL | CVSS 9.8 | v1.0_20221108 | 2023-10-11
CWE-121: A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. This buffer overflow is in the next_page parameter in the cgi_handler function.
Source: nvd

CVE-2023-35965 | P3 | CRITICAL | CVSS 9.8 | v1.0_20221108 | 2023-10-11
CWE-190: Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities. This integer overflow result is used as argument for the malloc function.
Source: nvd

CVE-2023-35967 | P3 | CRITICAL | CVSS 9.8 | v1.0_20221108 | 2023-10-11
CWE-190: Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities. This integer overflow result is used as argument for the malloc functi
Source: nvd

CVE-2023-35968 | P3 | CRITICAL | CVSS 9.8 | v1.0_20221108 | 2023-10-11
CWE-190: Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities. This integer overflow result is used as argument for the realloc funct
Source: nvd

CVE-2023-35966 | P3 | CRITICAL | CVSS 9.8 | v1.0_20221108 | 2023-10-11
CWE-190: Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities. This integer overflow result is used as argument for the realloc function.
Source: nvd