PT-2023-6259 · Yifan · Yifan Yf325

Francesco Benvenuto · Published 2023-10-11 · Updated 2023-10-13 · CVE-2023-35055

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Yifan YF325 version 1.0 20221108

Description: A buffer overflow vulnerability exists in the httpd next page functionality, allowing an attacker to execute arbitrary commands by sending a specially crafted network request. The buffer overflow is located in the next page parameter of the gozila cgi function.

Recommendations: For Yifan YF325 version 1.0 20221108, consider disabling the gozila cgi function or restricting access to the next page parameter until a patch is available. Avoid using the next page parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Stack Overflow

Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2023-06968
CVE-2023-35055

Affected Products

Yifan Yf325