CVE-2023-34346

Name of the Vulnerable Software and Affected Versions Yifan YF325 version 1.0 20221108

Description A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality. This issue can be triggered by a specially crafted network packet, potentially leading to command execution. An attacker can exploit this by sending a malicious network request.

Recommendations For Yifan YF325 version 1.0 20221108, as a temporary workaround, consider disabling the httpd gwcfg.cgi get functionality until a patch is available. Restrict access to the vulnerable gwcfg.cgi module to minimize the risk of exploitation. Avoid using the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.