PT-2023-6259 · Yifan · Yifan Yf325

Francesco Benvenuto · Published 2023-10-11 · Updated 2023-10-13 · CVE-2023-35055

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Yifan YF325 version 1.0 20221108

Description

A buffer overflow vulnerability exists in the httpd next page functionality, allowing an attacker to execute arbitrary commands by sending a specially crafted network request. The buffer overflow is located in the next page parameter of the gozila cgi function.

Recommendations

For Yifan YF325 version 1.0 20221108, consider disabling the gozila cgi function or restricting access to the next page parameter until a patch is available. Avoid using the next page parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Stack Overflow

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2023-06968
CVE-2023-35055

Affected Products

Yifan Yf325