CVE-2023-32632
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.
Existe una vulnerabilidad de ejecuciĆ³n de comandos en la funcionalidad validar.so diag_ping_start de Yifan YF325 v1.0_20221108. Una solicitud de red especialmente manipulada puede conducir a la ejecuciĆ³n de un comando. Un atacante puede enviar una solicitud de red para desencadenar esta vulnerabilidad.
*Credits:
Discovered by Francesco Benvenuto of Cisco Talos.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-06-12 CVE Reserved
- 2023-10-11 CVE Published
- 2024-09-18 CVE Updated
- 2024-11-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
- CWE-284: Improper Access Control
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2023-1767 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Yifanwireless Search vendor "Yifanwireless" | Yf325 Firmware Search vendor "Yifanwireless" for product "Yf325 Firmware" | 1.0_20221108 Search vendor "Yifanwireless" for product "Yf325 Firmware" and version "1.0_20221108" | - |
Affected
| in | Yifanwireless Search vendor "Yifanwireless" | Yf325 Search vendor "Yifanwireless" for product "Yf325" | - | - |
Safe
|