CVE-2023-35055

8.8 HIGH

📋 TL;DR

A buffer overflow in the HTTP server (httpd) of the Yifan YF325 router, in its gozila_cgi handler, allows a remote attacker who can reach the web management interface to trigger command execution with a single specially crafted request. The affected firmware (v1.0_20221108) is vulnerable in its default configuration, and a successful exploit gives the attacker control of the device.

💻 Affected Systems

Products:
  • Yifan YF325 router
Versions: v1.0_20221108 (confirmed); earlier builds are untested and should be treated as vulnerable until the vendor states otherwise
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the built-in HTTP server (httpd), which is enabled by default because it serves the web management interface.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete device compromise leading to a persistent backdoor, interception of traffic passing through the router, lateral movement to devices behind it, and botnet recruitment.

🟠 Likely Case: Remote code execution that lets the attacker change device configuration, steal stored credentials, or use the router as a pivot point for further attacks.

🟢 If Mitigated: Limited impact if the management interface is reachable only from a trusted network and segmentation stops lateral movement from the router.

🌐 Internet-Facing: HIGH - Triggered by a single HTTP request to the management interface. The 8.8 score corresponds to a PR:L vector (valid low-privilege credentials are needed), so weak or default web credentials turn internet-exposed devices into immediate targets.
🏢 Internal Only: MEDIUM - Still exploitable from the internal network, but the attacker first needs network access to the management interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes (Cisco Talos published technical details)
Weaponized: Unconfirmed
Unauthenticated Exploit: ⚠️ Not per CVSS - the 8.8 score corresponds to PR:L, i.e. low-privilege access to the web interface is required
Complexity: LOW

The flaw is in httpd's gozila_cgi function, in its handling of the next_page parameter: an over-long value overflows a fixed-size buffer, and one crafted HTTP request is enough to trigger it. Technical details are published by Cisco Talos.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown (no firmware release naming this CVE was identified)

Vendor Advisory: No vendor advisory found at time of analysis

Restart Required: Yes (flashing firmware reboots the device)

Instructions:

1. Check the vendor website for firmware updates and read the release notes for a mention of this CVE or the Talos advisory; "newer" alone does not mean "fixed".
2. Download the firmware image for the YF325.
3. Upload it via the web interface.
4. Reboot the device.
5. Verify that the reported firmware version matches the downloaded image.

🔧 Temporary Workarounds

Disable HTTP management interface (platform: all)

Disable the vulnerable HTTP server if web management is not required. If it is required, at least turn off WAN-side (remote) management so the server is reachable only from the LAN.

Router-specific: check the web interface for an option to disable HTTP or remote management.

Network access controls (platform: linux)

Restrict which hosts can reach the router's management port. The rules below run on the router itself if it offers a shell, or on an upstream Linux gateway (use the FORWARD chain there). They are inserted at the top of the chain because order matters: an existing catch-all ACCEPT placed earlier would make an appended DROP ineffective. 192.0.2.0/24 is a placeholder for the real management network; repeat for port 443 if HTTPS management is enabled.

iptables -I INPUT 1 -p tcp --dport 80 -j DROP
iptables -I INPUT 1 -p tcp --dport 80 -s 192.0.2.0/24 -j ACCEPT

🧯 If You Can't Patch

  • Isolate affected routers in a separate VLAN with strict firewall rules on the management port
  • Monitor the management interface for exploit attempts (over-long next_page values, httpd crashes) and for anomalous traffic from the router itself

🔍 How to Verify

Check if Vulnerable:

Read the firmware version from the router's web interface status or about page. Note that cat /proc/version over SSH reports the kernel build, not the firmware release, so it cannot be used on its own to confirm v1.0_20221108.

Check Version:

Router-specific: use the web interface status page, or the shell if telnet/SSH is enabled and the firmware exposes a version string there

Verify Fix Applied:

Verify that the installed firmware is a version the vendor identifies as fixed (a build newer than v1.0_20221108 is not proof of a fix while no patch version is known), then test with a known exploit payload against a device in an isolated lab environment

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to the web interface carrying unusually long next_page parameter values (gozila_cgi is the handler function name, so it will not necessarily appear in the request URI)
  • httpd crashes or watchdog restarts following such a request: a failed overflow typically kills the process rather than writing a "failed overflow" log entry

Network Indicators:

  • HTTP requests with unusually long or percent-encoded binary next_page parameter values
  • Traffic to the router management interface from unexpected sources, and new outbound connections originating from the router after such a request

SIEM Query:

Splunk SPL, assuming an http_query field that holds the request's query string (field names are deployment-specific):

source="router_logs" http_query="*next_page=*" | rex field=http_query "next_page=(?<next_page>[^&]*)" | where len(next_page) > 100
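The log-side check above, as an added example that is not part of the advisory and not code from Yifan's firmware: it parses Common Log Format access-log lines, percent-decodes the next_page parameter wherever it appears in the request target (the handler name gozila_cgi need not appear in the URI), and flags values that are over-long or contain non-printable bytes. The /apply.cgi path, the 100-byte threshold and all log lines are constructed assumptions for the example; the advisory does not state the size of the overflowed buffer.

```python
"""Flag HTTP requests carrying an oversized or binary-looking next_page value.

Added example for CVE-2023-35055 detection; not part of the advisory or of
Yifan's firmware. Log lines, paths and the threshold below are constructed.
"""
import re
from typing import Optional
from urllib.parse import unquote_to_bytes, urlsplit

# Assumption: legitimate next_page values are short page names, so anything
# beyond this length is worth a look. Tune to your own baseline.
MAX_NEXT_PAGE = 100

# Common Log Format request line: src ident user [ts] "METHOD target PROTO" status
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (not real captures). The third carries a 120-byte
# next_page value; the fourth hides a NUL byte behind percent-encoding.
SAMPLE_LOG = "\n".join([
    '10.0.0.5 - - [01/Jul/2023:10:00:01 +0000] "GET /index.asp HTTP/1.1" 200 1532',
    '10.0.0.5 - admin [01/Jul/2023:10:00:09 +0000] '
    '"POST /apply.cgi?submit_button=index&next_page=index.asp HTTP/1.1" 302 0',
    '198.51.100.23 - - [01/Jul/2023:10:02:44 +0000] '
    '"POST /apply.cgi?next_page=' + "A" * 120 + ' HTTP/1.1" 500 0',
    '198.51.100.23 - - [01/Jul/2023:10:02:45 +0000] '
    '"GET /apply.cgi?next_page=index%00.asp HTTP/1.1" 500 0',
])


def extract_next_page(target: str) -> Optional[bytes]:
    """Return the percent-decoded bytes of next_page from a request target, or None.

    Decoding before measuring matters: an attacker can percent-encode the
    payload, which keeps the raw query string looking short and printable.
    """
    query = urlsplit(target).query
    match = re.search(r"(?:^|&)next_page=([^&]*)", query)
    if match is None:
        return None
    return unquote_to_bytes(match.group(1))


def is_suspicious(value: bytes, max_len: int = MAX_NEXT_PAGE) -> Optional[str]:
    """Return a reason if the value looks like an overflow attempt, else None."""
    if len(value) > max_len:
        return f"next_page length {len(value)} > {max_len}"
    if any(b < 0x20 or b >= 0x7F for b in value):
        return "non-printable bytes in next_page"
    return None


def scan_log(text: str, max_len: int = MAX_NEXT_PAGE) -> list:
    """Scan CLF lines and return one finding dict per suspicious request."""
    findings = []
    for line in text.splitlines():
        match = REQUEST_RE.match(line)
        if match is None:
            continue  # not a request line we understand
        value = extract_next_page(match["target"])
        if value is None:
            continue  # no next_page parameter in the query string
        reason = is_suspicious(value, max_len)
        if reason is not None:
            findings.append({
                "src": match["src"],
                "ts": match["ts"],
                "status": int(match["status"]),
                "reason": reason,
            })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f'{finding["ts"]} {finding["src"]} status={finding["status"]} {finding["reason"]}')
```

The threshold is deliberately loose; set it just above the longest legitimate next_page value seen in your own logs. Because access logs normally record only the request line, a next_page value sent in a POST body is invisible to this check; that case needs a packet capture or an IDS rule on the management port, and a 500 status or an httpd restart immediately after the request is the corroborating signal to look for.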

🔗 References