yifanwireless 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に バッファオーバーフロー and vendor risk memory corruption などに関し、一部は vendor impact memory corruption を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-35968 | Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function. | [email protected] | 9.8 | 0.77% | 2023-10-11 | 2026-06-17 |
| CVE-2023-35967 | Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function. | [email protected] | 9.8 | 0.77% | 2023-10-11 | 2026-06-17 |
| CVE-2023-35966 | Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function. | [email protected] | 9.8 | 0.77% | 2023-10-11 | 2026-06-17 |
| CVE-2023-35965 | Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function. | [email protected] | 9.8 | 0.77% | 2023-10-11 | 2026-06-17 |
| CVE-2023-35056 | A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the cgi_handler function. | [email protected] | 8.8 | 1.02% | 2023-10-11 | 2026-06-17 |
| CVE-2023-35055 | A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the gozila_cgi function. | [email protected] | 8.8 | 1.02% | 2023-10-11 | 2026-06-17 |
| CVE-2023-34426 | A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability. | [email protected] | 9.8 | 0.77% | 2023-10-11 | 2026-06-17 |
| CVE-2023-34365 | A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a buffer overflow. An attacker can send a network request to trigger this vulnerability. | [email protected] | 9.8 | 0.77% | 2023-10-11 | 2026-06-17 |
| CVE-2023-34346 | A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. | [email protected] | 9.8 | 1.29% | 2023-10-11 | 2026-06-17 |
| CVE-2023-32645 | A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability. | [email protected] | 9.8 | 53.53% | 2023-10-11 | 2026-06-17 |
| CVE-2023-32632 | A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. | [email protected] | 8.8 | 1.21% | 2023-10-11 | 2026-06-17 |
| CVE-2023-31272 | A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability. | [email protected] | 8.8 | 0.64% | 2023-10-11 | 2026-06-17 |
| CVE-2023-24479 | An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. | [email protected] | 9.8 | 1.71% | 2023-10-11 | 2026-06-17 |