PT-2023-6164 · Yifan · Yifan Yf325

Francesco Benvenuto · Published 2023-06-20 · Updated 2023-10-13 · CVE-2023-35968

CVSS v2.0 · 10 · Critical · Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Yifan YF325 version 1.0 20221108

Description

The issue is in the gwcfg_cgi_set_manage_post_data() function of the Yifan YF325 industrial Wi-Fi router's firmware. It is a heap-based buffer overflow: a specially crafted network request causes an integer overflow, and the result of that overflow is used as an argument for the realloc function. A remote attacker can trigger it by sending specially crafted requests, potentially affecting the confidentiality, integrity, and availability of protected information.

Recommendations

For Yifan YF325 version 1.0 20221108, consider disabling the gwcfg_cgi_set_manage_post_data() function until a patch is available. Restrict access to the vulnerable functionality to minimize the risk of exploitation, and avoid using the vulnerable function to process network requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
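
The weakness class in the description (an overflowed size passed to realloc), shown as an added example that is not the YF325 firmware's code or the advisory author's. The struct, function names, 32-bit size arithmetic and the 64 KiB limit are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer for a request body (not the firmware's type). */
struct post_buf { char *data; size_t len; };

#define MAX_POST_BODY (64u * 1024u)   /* assumed application limit */

/* Weak pattern: in 32-bit arithmetic len + add + 1 can wrap to a small
 * value, so realloc() returns a block smaller than the data copied into it. */
uint32_t unchecked_size(uint32_t len, uint32_t add)
{
    return len + add + 1;
}

/* Hardened pattern: detect the wrap before it happens.
 * Returns 1 and stores the size in *out, or 0 if it would overflow. */
int checked_size(size_t len, size_t add, size_t *out)
{
    if (add > SIZE_MAX - 1 || len > SIZE_MAX - 1 - add)
        return 0;
    *out = len + add + 1;             /* +1 for the terminating NUL */
    return 1;
}

/* Append add bytes from src. Rejects wrapped or over-limit sizes and
 * keeps the old block on allocation failure. Returns 0 on success, -1 on error. */
int post_buf_append(struct post_buf *b, const char *src, size_t add)
{
    size_t need;
    char *p;

    if (!checked_size(b->len, add, &need) || need > MAX_POST_BODY)
        return -1;
    p = realloc(b->data, need);
    if (p == NULL)
        return -1;                    /* b->data is still valid here */
    memcpy(p + b->len, src, add);
    b->len += add;
    p[b->len] = '\0';
    b->data = p;
    return 0;
}
```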

Integer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2023-06871
CVE-2023-35968

Affected Products

Yifan Yf325