CVE-2023-35968
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function.
Existen dos vulnerabilidades de desbordamiento de búfer en la funcionalidad gwcfg_cgi_set_manage_post_data de Yifan YF325 v1.0_20221108. Una solicitud de red especialmente manipulada puede provocar un desbordamiento del búfer. Un atacante puede enviar una solicitud de red para activar estas vulnerabilidades. Este resultado de desbordamiento de entero se utiliza como argumento para la función de realloc.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2023-06-20 CVE Reserved
- 2023-10-11 CVE Published
- 2024-09-17 CVE Updated
- 2024-11-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
- CWE-787: Out-of-bounds Write
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1788 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Yifanwireless Search vendor "Yifanwireless" | Yf325 Firmware Search vendor "Yifanwireless" for product "Yf325 Firmware" | 1.0_20221108 Search vendor "Yifanwireless" for product "Yf325 Firmware" and version "1.0_20221108" | - |
Affected
| in | Yifanwireless Search vendor "Yifanwireless" | Yf325 Search vendor "Yifanwireless" for product "Yf325" | - | - |
Safe
|