Y4
Buffer overflow in the web server component of GALAYOU Y4 version 1.0.0 allows adjacent-network attackers to compromise the device's confidentiality, integrity, and availability without authentication. Publicly available exploit code exists per VulDB disclosure, though the vendor was contacted and did not respond, leaving the issue unpatched. EPSS data was not provided and the flaw is not listed in CISA KEV, but the public PoC combined with vendor silence elevates practical risk for any deployment exposed on shared LAN/Wi-Fi segments.