CVE-2026-12192

8.8 HIGH

A vulnerability was determined in GALAYOU Y4 1.0.0

Published: 2026-06-15 · Last updated: 2026-06-15

Severity and scoring

CVSS: 8.8 HIGH
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-119, CWE-120

Description

A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted is an unknown function of the component Web Server. This manipulation causes buffer overflow. The attack is only possible within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-12192
[Other]https://vuldb.com/cve/CVE-2026-12192
[Other]https://vuldb.com/submit/825801
[Other]https://vuldb.com/vuln/370838
[Other]https://vuldb.com/vuln/370838/cti

Related CVEs

Same CWE

CVE-2026-12216 — A weakness has been identified in svaarala duktape up to 2.99.99 (5.3 MEDIUM)
CVE-2026-12200 — A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32 (7.3 HIGH)
CVE-2026-12193 — A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x (7.8 HIGH)
CVE-2026-12174 — A security vulnerability has been detected in D-Link DCS-935L 1.10.01 (8.8 HIGH)
CVE-2026-36818 — Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter... (7.5 HIGH)