CVE-2023-34365

9.8 CRITICAL

📋 TL;DR

A stack-based buffer overflow vulnerability in Yifan YF325 routers allows remote attackers to execute arbitrary code by sending specially crafted network requests. This affects Yifan YF325 v1.0_20221108 devices with the vulnerable libutils.so library. Attackers can potentially gain full control of affected devices.

💻 Affected Systems

Products:
  • Yifan YF325
Versions: v1.0_20221108
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the libutils.so library's nvram_restore functionality. All devices running this firmware version are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, lateral movement into internal networks, and persistent backdoor installation.

🟠 Likely Case

Device takeover enabling traffic interception, credential theft, and participation in botnets.

🟢 If Mitigated

Limited impact if devices sit behind firewalls with strict network segmentation and access controls so that untrusted hosts cannot reach the vulnerable service.

🌐 Internet-Facing: HIGH - Directly exploitable via network requests without authentication.
🏢 Internal Only: HIGH - Exploitable from any network segment with access to the device.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Detailed technical analysis and proof-of-concept available in Talos reports. Exploitation requires network access but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

1. Contact Yifan for updated firmware.
2. Download the firmware and verify its integrity (checksum or signature supplied by the vendor).
3. Back up the current configuration.
4. Upload and apply the firmware update via the web interface or CLI.
5. Reboot the device.
6. Verify that the update was applied successfully.

🔧 Temporary Workarounds

Network Segmentation

Platform: all

Isolate YF325 devices from untrusted networks and restrict access to their management interfaces.

Access Control Lists

Platform: linux

Implement firewall rules that allow the trusted administration network and drop everyone else. iptables evaluates rules in order, so the ACCEPT for the trusted network must be appended before the catch-all DROP; in the reverse order the DROP matches first and the trusted network is locked out as well.

# Allow the trusted admin network first, then drop all other sources.
iptables -A INPUT -s [trusted_network] -p tcp --dport [management_port] -j ACCEPT
iptables -A INPUT -p tcp --dport [management_port] -j DROP

These rules use the INPUT chain and therefore apply when run on the device itself. When the filtering is done on an upstream Linux gateway instead, use the FORWARD chain and add -d [router_ip] to both rules so that only traffic destined for the YF325 is affected.

🧯 If You Can't Patch

  • Replace vulnerable devices with supported alternatives
  • Deploy network-based intrusion prevention systems to detect and block exploit attempts

🔍 How to Verify

Check if Vulnerable:

Check the firmware version via the web interface (System > Firmware) and look for the string v1.0_20221108. A shell on the device can show the kernel build string with cat /proc/version, but that string identifies the kernel build, not the vendor firmware release, so it does not by itself confirm whether v1.0_20221108 is installed; treat the web interface as authoritative.

Check Version:

cat /proc/version   # kernel build string only; the firmware release is shown in the web interface

Verify Fix Applied:

Verify firmware version no longer shows v1.0_20221108 after update

📡 Detection & Monitoring

Log Indicators:

  • Unusual network connections to device management ports
  • Multiple failed nvram operations
  • Process crashes related to libutils.so

Network Indicators:

  • Unexpected traffic patterns to device on unusual ports
  • Exploit-like payloads in network traffic

SIEM Query:

source="router_logs" AND ("nvram_restore" OR "libutils.so") AND (severity="critical" OR "buffer overflow")
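The log and network indicators above expressed as detection logic. This is an added example, not part of the original advisory and not tooling from Yifan or Talos; the log lines are constructed in a generic syslog style because the YF325's real log format is not documented on this page, so the regular expressions, the trusted subnet, the management ports and the failure threshold are all assumptions to adapt to what your devices actually emit.

```python
"""Detection logic for the CVE-2023-34365 indicators: crashes tied to
libutils.so / nvram_restore, repeated nvram_restore failures, and
management-port access from untrusted sources.

Added example; not the advisory's own code. Log format, subnet, ports and
threshold below are assumptions.
"""
import ipaddress
import re
from collections import Counter

# Assumption: the admin subnet that is allowed to reach the management UI.
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]
# Assumption: ports on which the management interface listens.
MGMT_PORTS = {80, 443}
# Assumption: alert once a host logs this many failed nvram_restore calls.
NVRAM_FAIL_THRESHOLD = 3

# Constructed sample log lines (not captured from a real device).
SAMPLE_LOGS = """\
Nov 10 10:01:02 yf325 httpd[812]: GET /index.html from 192.168.1.20
Nov 10 10:01:09 yf325 kernel: httpd[812]: unhandled page fault (11) at 0x41414141
Nov 10 10:01:09 yf325 kernel: segfault in libutils.so at pc 0x41414140
Nov 10 10:01:11 yf325 nvram[901]: nvram_restore: failed to parse entry
Nov 10 10:01:12 yf325 nvram[901]: nvram_restore: failed to parse entry
Nov 10 10:01:13 yf325 nvram[901]: nvram_restore: failed to parse entry
Nov 10 10:02:00 yf325 httpd[813]: connection from 203.0.113.7 to port 80
Nov 10 10:03:00 yf325 httpd[813]: connection from 192.168.1.20 to port 80
"""

# Component names from the advisory that tie an event to the vulnerable code.
COMPONENT_RE = re.compile(r"libutils\.so|nvram_restore", re.I)
# Evidence of memory corruption or a crash in the same line.
SEVERITY_RE = re.compile(r"segfault|page fault|buffer overflow|critical", re.I)
NVRAM_FAIL_RE = re.compile(r"nvram_restore: failed", re.I)
CONN_RE = re.compile(r"connection from (\S+) to port (\d+)")


def is_trusted(ip: str) -> bool:
    """True if the source address falls inside a trusted admin network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)


def analyze(log_text: str) -> list:
    """Return one alert dict per matched indicator, in log order."""
    alerts = []
    nvram_failures = Counter()  # failed nvram_restore calls per host
    for lineno, line in enumerate(log_text.splitlines(), 1):
        # 1. Crash or overflow evidence tied to libutils.so / nvram_restore.
        if COMPONENT_RE.search(line) and SEVERITY_RE.search(line):
            alerts.append({"rule": "libutils_crash", "line": lineno, "text": line})

        # 2. Repeated nvram_restore failures (probing or failed exploit attempts).
        if NVRAM_FAIL_RE.search(line):
            host = line.split()[3]  # hostname field in the constructed format
            nvram_failures[host] += 1
            if nvram_failures[host] == NVRAM_FAIL_THRESHOLD:
                alerts.append({"rule": "nvram_restore_failures", "line": lineno, "host": host})

        # 3. Management-port connection from outside the trusted networks.
        m = CONN_RE.search(line)
        if m and int(m.group(2)) in MGMT_PORTS and not is_trusted(m.group(1)):
            alerts.append({"rule": "untrusted_mgmt_access", "line": lineno, "src": m.group(1)})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOGS):
        print(alert)
```

The crash rule deliberately requires both a component name and a severity term on the same line, mirroring the SIEM query's AND, so a routine "nvram_restore: failed to parse entry" message alone does not fire it; those lines are instead counted per host and surface only once they pass the threshold.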

🔗 References
