Vulnerabilities > Yifanwireless > Yf325 Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-10-11 CVE-2023-32632 Command Injection vulnerability in Yifanwireless Yf325 Firmware 1.020221108
A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108.
network
low complexity
yifanwireless CWE-77
critical
 9.8
9.8
2023-10-11 CVE-2023-31272 Out-of-bounds Write vulnerability in Yifanwireless Yf325 Firmware 1.020221108
A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.0_20221108.
network
low complexity
yifanwireless CWE-787
critical
 9.8
9.8
2023-10-11 CVE-2023-24479 Improper Authentication vulnerability in Yifanwireless Yf325 Firmware 1.020221108
An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108.
network
low complexity
yifanwireless CWE-287
critical
 9.8
9.8