CVE-2023-34346
https://notcve.org/view.php?id=CVE-2023-34346
A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability.
• https://talosintelligence.com/vulnerability_reports/TALOS-2023-1764
• CWE-489: Active Debug Code
• CWE-787: Out-of-bounds Write
CVE-2023-31272
https://notcve.org/view.php?id=CVE-2023-31272
A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability.
• https://talosintelligence.com/vulnerability_reports/TALOS-2023-1765
• CWE-121: Stack-based Buffer Overflow
• CWE-787: Out-of-bounds Write
CVE-2023-34426
https://notcve.org/view.php?id=CVE-2023-34426
A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability.
• https://talosintelligence.com/vulnerability_reports/TALOS-2023-1766
• CWE-121: Stack-based Buffer Overflow
• CWE-787: Out-of-bounds Write
CVE-2023-32632
https://notcve.org/view.php?id=CVE-2023-32632
A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.
• https://talosintelligence.com/vulnerability_reports/TALOS-2023-1767
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
• CWE-284: Improper Access Control
CVE-2023-35966
https://notcve.org/view.php?id=CVE-2023-35966
Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities. This integer overflow result is used as an argument for the realloc function.
• https://talosintelligence.com/vulnerability_reports/TALOS-2023-1787
• CWE-190: Integer Overflow or Wraparound
• CWE-787: Out-of-bounds Write