A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.
The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Yf325_firmware | Yifanwireless | 1.0_20221108 (including) | 1.0_20221108 (including) |