Shodan
Vulnerabilities
Vulnerable Software
Yifanwireless:  >> Yf325 Firmware  Security Vulnerabilities
CVE-2023-35967
Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-10-11
CVE-2023-35968
Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-10-11
CVE-2023-32645
A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-10-11
CVE-2023-34346
A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-10-11
CVE-2023-34365
A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a buffer overflow. An attacker can send a network request to trigger this vulnerability.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-10-11
CVE-2023-34426
A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-10-11
CVE-2023-35055
A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the gozila_cgi function.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-10-11
CVE-2023-35056
A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the cgi_handler function.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-10-11
CVE-2023-35965
Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-10-11
CVE-2023-35966
Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-10-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved