Vulnerabilities (CVE)

Filtered by vendor Yifanwireless Subscribe
Total 13 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-35968 1 Yifanwireless 2 Yf325, Yf325 Firmware 2024-11-21 N/A 9.8 CRITICAL
Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function.
CVE-2023-35967 1 Yifanwireless 2 Yf325, Yf325 Firmware 2024-11-21 N/A 9.8 CRITICAL
Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function.
CVE-2023-35966 1 Yifanwireless 2 Yf325, Yf325 Firmware 2024-11-21 N/A 9.8 CRITICAL
Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function.
CVE-2023-35965 1 Yifanwireless 2 Yf325, Yf325 Firmware 2024-11-21 N/A 9.8 CRITICAL
Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function.
CVE-2023-35056 1 Yifanwireless 2 Yf325, Yf325 Firmware 2024-11-21 N/A 8.8 HIGH
A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the cgi_handler function.
CVE-2023-35055 1 Yifanwireless 2 Yf325, Yf325 Firmware 2024-11-21 N/A 8.8 HIGH
A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the gozila_cgi function.
CVE-2023-34426 1 Yifanwireless 2 Yf325, Yf325 Firmware 2024-11-21 N/A 9.8 CRITICAL
A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability.
CVE-2023-34365 1 Yifanwireless 2 Yf325, Yf325 Firmware 2024-11-21 N/A 9.8 CRITICAL
A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a buffer overflow. An attacker can send a network request to trigger this vulnerability.
CVE-2023-34346 1 Yifanwireless 2 Yf325, Yf325 Firmware 2024-11-21 N/A 9.8 CRITICAL
A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability.
CVE-2023-32645 1 Yifanwireless 2 Yf325, Yf325 Firmware 2024-11-21 N/A 9.8 CRITICAL
A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.
CVE-2023-32632 1 Yifanwireless 2 Yf325, Yf325 Firmware 2024-11-21 N/A 8.8 HIGH
A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.
CVE-2023-31272 1 Yifanwireless 2 Yf325, Yf325 Firmware 2024-11-21 N/A 8.8 HIGH
A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability.
CVE-2023-24479 1 Yifanwireless 2 Yf325, Yf325 Firmware 2024-11-21 N/A 9.8 CRITICAL
An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.