CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32645
https://notcve.org/view.php?id=CVE-2023-32645
A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability. Existe una vulnerabilidad de código de depuración sobrante en la funcionalidad de credenciales de depuración httpd de Yifan YF325 v1.0_20221108. Una solicitud de red especialmente manipulada puede provocar una omisión de autenticación. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1752 • CWE-489: Active Debug Code •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-35056
https://notcve.org/view.php?id=CVE-2023-35056
A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the cgi_handler function. Existe una vulnerabilidad de desbordamiento del búfer en la funcionalidad httpd next_page de Yifan YF325 v1.0_20221108. Una solicitud de red especialmente manipulada puede conducir a la ejecución de un comando. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1761 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-35055
https://notcve.org/view.php?id=CVE-2023-35055
A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the gozila_cgi function. Existe una vulnerabilidad de desbordamiento del búfer en la funcionalidad httpd next_page de Yifan YF325 v1.0_20221108. Una solicitud de red especialmente manipulada puede conducir a la ejecución de un comando. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1761 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-24479
https://notcve.org/view.php?id=CVE-2023-24479
An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. Existe una vulnerabilidad de omisión de autenticación en la funcionalidad httpd nvram.cgi de Yifan YF325 v1.0_20221108. Una solicitud de red especialmente manipulada puede provocar la ejecución de un comando arbitrario. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1762 • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34365
https://notcve.org/view.php?id=CVE-2023-34365
A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a buffer overflow. An attacker can send a network request to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento del búfer en la funcionalidad libutils.so nvram_restore de Yifan YF325 v1.0_20221108. Una solicitud de red especialmente manipulada puede provocar un desbordamiento del búfer. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1763 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •