CVE-2023-35968

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Oct 11, 2023

Updated: Oct 12, 2023

CWE ID 787

CWE ID 190

Summary

CVE-2023-35968 refers to two heap-based buffer overflow vulnerabilities found in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. These vulnerabilities can be exploited through a specially crafted network request, leading to a heap buffer overflow. The overflowed memory is then used as an argument for the realloc function, potentially allowing an attacker to execute arbitrary code or cause the system to crash.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/s-DgUw
https://www.cve.org/CVERecord?id=CVE-2023-35968
https://nvd.nist.gov/vuln/detail/CVE-2023-35968

Back to Vulnerability Database

CVE-2023-35968

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations