CRITICAL🇵🇱 Wersja polska

CVE-2023-35965

CVSS 9.8v3.1pub. 2023-10-11upd. 2025-11-04

Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Yifanwireless Yf325

    HW
    Yifanwireless
    wszystkie wersje
  • Yifanwireless Yf325 Firmware

    OS
    Yifanwireless
    1.0_20221108
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2023-24479CRITICAL9.8ten sam produkt

An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_2022110...

CVE-2023-34365CRITICAL9.8ten sam produkt

A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF3...

CVE-2023-32645CRITICAL9.8ten sam produkt

A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20...

CVE-2023-34346CRITICAL9.8ten sam produkt

A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1....

CVE-2023-34426CRITICAL9.8ten sam produkt

A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1...