SB2023101624 - Multiple vulnerabilities in Yifan YF325
Published: October 16, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 13 secuirty vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: CVE-2023-35965)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the malloc function in the httpd manage_post functionality. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Heap-based buffer overflow (CVE-ID: CVE-2023-35966)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the realloc function in the httpd manage_post functionality. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Heap-based buffer overflow (CVE-ID: CVE-2023-35967)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the malloc function in the gwcfg_cgi_set_manage_post_data functionality. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Heap-based buffer overflow (CVE-ID: CVE-2023-35968)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the realloc function in the gwcfg_cgi_set_manage_post_data functionality. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Stack-based buffer overflow (CVE-ID: CVE-2023-34365)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the libutils.so nvram_restore functionality. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Stack-based buffer overflow (CVE-ID: CVE-2023-31272)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the httpd do_wds functionality. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) Stack-based buffer overflow (CVE-ID: CVE-2023-35056)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the cgi_handler function in the httpd next_page functionality. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
8) Stack-based buffer overflow (CVE-ID: CVE-2023-35055)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the gozila_cgi function in the httpd next_page functionality. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
9) Stack-based buffer overflow (CVE-ID: CVE-2023-34346)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the httpd gwcfg.cgi get functionality. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Improper access control (CVE-ID: CVE-2023-32632)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the validate.so diag_ping_start functionality. A remote attacker can bypass implemented security restrictions and execute arbitrary commands on the system.
11) Active Debug Code (CVE-ID: CVE-2023-32645)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a leftover debug code issue in the httpd debug credentials functionality. A remote attacker can send a specially crafted request and bypass authentication on the target system.
12) Stack-based buffer overflow (CVE-ID: CVE-2023-34426)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the httpd manage_request functionality. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
13) Improper access control (CVE-ID: CVE-2023-24479)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the httpd nvram.cgi functionality. A remote attacker can bypass implemented security restrictions and execute arbitrary commands on the target system.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1787
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1788
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1763
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1765
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1761
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1764
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1767
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1752
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1766
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1762