ID
VAR-202310-0300
CVE
CVE-2023-35967
TITLE
Yifan YF325 buffer overflow vulnerability
Trust: 0.6
DESCRIPTION
Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function. Yifan YF325 is a wireless router from Yifan Company. Yifan YF325 has a buffer overflow vulnerability, which originates from a boundary error in the gwcfg_cgi_set_manage_post_data function malloc function when processing untrusted input
Trust: 1.44
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | yifanwireless | model: | yf325 | scope: | eq | version: | 1.0_20221108 | Trust: 1.0 |
| vendor: | yifan | model: | yf325 v1.0 20221108 | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-190 | Trust: 1.0 |
| problemtype: | CWE-787 | Trust: 1.0 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-35967 | Trust: 1.6 |
| db: | TALOS | id: | TALOS-2023-1788 | Trust: 1.6 |
| db: | CNVD | id: | CNVD-2024-11151 | Trust: 0.6 |
REFERENCES
| url: | https://talosintelligence.com/vulnerability_reports/talos-2023-1788 | Trust: 1.6 |
SOURCES
| db: | CNVD | id: | CNVD-2024-11151 |
| db: | NVD | id: | CVE-2023-35967 |
LAST UPDATE DATE
2024-08-14T13:19:43.422000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2024-11151 | date: | 2024-03-03T00:00:00 |
| db: | NVD | id: | CVE-2023-35967 | date: | 2023-10-12T22:28:03.643 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2024-11151 | date: | 2024-03-03T00:00:00 |
| db: | NVD | id: | CVE-2023-35967 | date: | 2023-10-11T16:15:14.050 |