CVE-2023-32632

Name of the Vulnerable Software and Affected Versions Yifan YF325 version 1.0 20221108

Description A command execution issue exists in the diag ping start functionality of the validate.so module. This is due to inadequate data cleaning at the management level. An attacker can exploit this by sending a specially crafted network request to execute arbitrary commands. The vulnerability can be triggered remotely.

Recommendations For Yifan YF325 version 1.0 20221108, consider disabling the diag ping start function in the validate.so module until a patch is available to prevent command execution. Restrict access to the validate.so module to minimize the risk of exploitation. Avoid using the diag ping start functionality in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.