Description
A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted is an unknown function of the component Web Server. This manipulation causes buffer overflow. The attack is only possible within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-06-14
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow exists in an unknown function of the GALAYOU Y4 1.0.0 web server component. Manipulated input sent to this component can trigger the overflow, potentially allowing an attacker to execute arbitrary code or crash the server. The upstream description does not state which privileges are gained, but the flaw is exploitable from the local network and could lead to privilege escalation or service disruption.

Affected Systems

Only the GALAYOU Y4 firmware version 1.0.0 is known to be affected. No other versions or variants have been identified at this time.

Risk and Exploitability

The flaw receives a CVSS score of 8.7, indicating high severity. An exploit has been publicly disclosed and could be used by adversaries on the local network; however, no EPSS score is available and the vulnerability is not listed in CISA KEV. Without a vendor patch, exposure is limited to insiders or already-compromised devices on the same network segment.

Generated by OpenCVE AI on June 15, 2026 at 00:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • If a newer firmware version or patch that fixes the web server buffer overflow becomes available, upgrade the GALAYOU Y4 device immediately
  • If no patch exists, disable the web server component or restrict access so that only trusted devices on a separate, trusted VLAN can reach it
  • Segment the network so that the device is isolated from untrusted traffic, and apply firewall rules that block all inbound connections from unknown sources
  • Continuously monitor device logs for unusual requests or patterns that might indicate an exploitation attempt, and apply host-based intrusion detection rules that flag buffer overflow signatures

Advisories

No advisories yet.

History

Sun, 14 Jun 2026 23:45:00 +0000

Type                | Values Removed | Values Added
--------------------|----------------|--------------------------------------------------------------
Description         |                | A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted is an unknown function of the component Web Server. This manipulation causes buffer overflow. The attack is only possible within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Title               |                | GALAYOU Y4 Web Server buffer overflow
First Time appeared |                | Galayou; Galayou y4
Weaknesses          |                | CWE-119; CWE-120
CPEs                |                | cpe:2.3:a:galayou:y4:*:*:*:*:*:*:*:*
Vendors & Products  |                | Galayou; Galayou y4
References          |                |
Metrics             |                | cvssV2_0: {'score': 8.3, 'vector': 'AV:A/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
                    |                | cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
                    |                | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
                    |                | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-14T23:15:09.375Z

Reserved: 2026-06-14T06:47:08.126Z

Link: CVE-2026-12192

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-15T00:16:43.067

Modified: 2026-06-15T00:16:43.067

Link: CVE-2026-12192

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-15T00:30:07Z

Weaknesses
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')