10 zero-day vulnerabilities in industrial cell router could lead to code execution, buffer overflows

Cisco Talos recently disclosed 11 vulnerabilities, 10 of which are zero-days without a patch in an industrial cellular router. Attackers could exploit these vulnerabilities in the Yifan YF325 to carry out a variety of attacks, in some cases gaining the ability to execute arbitrary shell commands on the targeted device.

The one other security issue Talos has disclosed over the past two weeks is a use-after-free vulnerability in an open-source port of WebKit, a popular content rendering engine used in popular web browsers like Apple Safari.

Read more…
Source: Cisco Talos