CVE-2023-35056

Name of the Vulnerable Software and Affected Versions Yifan YF325 version 1.0 20221108

Description A buffer overflow vulnerability exists in the httpd next page functionality, allowing an attacker to execute arbitrary commands by sending a specially crafted network request. The buffer overflow is located in the next page parameter of the cgi handler function. This issue can be exploited by a remote attacker.

Recommendations For Yifan YF325 version 1.0 20221108, consider disabling the cgi handler function or restricting access to the next page parameter until a patch is available. Avoid using the next page parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.