CVE-2023-35967

Name of the Vulnerable Software and Affected Versions Yifan YF325 version 1.0 20221108

Description Two heap-based buffer overflow vulnerabilities exist in the gwcfg cgi set manage post data functionality. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities, potentially impacting the integrity, availability, and confidentiality of protected information. The integer overflow result is used as an argument for the malloc function.

Recommendations For Yifan YF325 version 1.0 20221108, as a temporary workaround, consider disabling the gwcfg cgi set manage post data function until a patch is available. Restrict access to the vulnerable functionality to minimize the risk of exploitation. Avoid using the vulnerable functionality in the affected device until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.