CVE-2023-35966
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function.
Existen dos vulnerabilidades de desbordamiento de búfer en la funcionalidad httpd Manage_post de Yifan YF325 v1.0_20221108. Una solicitud de red especialmente manipulada puede provocar un desbordamiento del búfer. Un atacante puede enviar una solicitud de red para activar estas vulnerabilidades. Este resultado de desbordamiento de entero se utiliza como argumento para la función de realloc.
*Credits:
Discovered by Francesco Benvenuto of Cisco Talos.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-06-20 CVE Reserved
- 2023-10-11 CVE Published
- 2024-09-17 CVE Updated
- 2024-11-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
- CWE-787: Out-of-bounds Write
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2023-1787 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Yifanwireless Search vendor "Yifanwireless" | Yf325 Firmware Search vendor "Yifanwireless" for product "Yf325 Firmware" | 1.0_20221108 Search vendor "Yifanwireless" for product "Yf325 Firmware" and version "1.0_20221108" | - |
Affected
| in | Yifanwireless Search vendor "Yifanwireless" | Yf325 Search vendor "Yifanwireless" for product "Yf325" | - | - |
Safe
|