CVE-2023-35055 identifies a stack-based buffer overflow vulnerability in the Yifan YF325 device, version v1.0_20221108. The flaw resides in the httpd server component, specifically within the next_page parameter processed by the gozila_cgi function. When a specially crafted network request is sent to this parameter, it causes a buffer overflow on the stack, which can overwrite control data and lead to arbitrary command execution on the device. The vulnerability does not require prior authentication but does require user interaction, likely meaning the attacker must send the malicious request to the device's exposed network interface. The CVSS 3.1 score of 8.8 reflects the vulnerability's high impact on confidentiality, integrity, and availability, with network attack vector and low attack complexity. The vulnerability is categorized under CWE-121, indicating classic stack-based buffer overflow issues. No patches or known exploits are currently published, but the potential for remote code execution makes this a critical threat. The device's httpd service is the attack surface, and exploitation could allow attackers to take full control of the device, disrupt services, or pivot into internal networks.

For European organizations, this vulnerability poses a significant risk, especially for those deploying Yifan YF325 devices in critical infrastructure, industrial control systems, or network edge environments. Successful exploitation could lead to full device compromise, enabling attackers to execute arbitrary commands, disrupt device functionality, exfiltrate sensitive data, or use the device as a foothold for lateral movement within the network. This could impact confidentiality by exposing sensitive information, integrity by allowing unauthorized changes, and availability by causing denial of service. The lack of authentication requirement increases the attack surface, particularly if devices are exposed to untrusted networks or the internet. The requirement for user interaction may limit automated exploitation but does not eliminate risk in environments where attackers can send crafted requests directly. The absence of known exploits in the wild provides a window for proactive defense, but the high CVSS score demands urgent attention.

European organizations should immediately implement network segmentation and restrict access to Yifan YF325 devices, ensuring they are not exposed to untrusted networks or the internet. Deploy strict firewall rules to limit incoming traffic to trusted sources only. Monitor network traffic for unusual or malformed requests targeting the httpd service, especially those involving the next_page parameter. Employ intrusion detection/prevention systems (IDS/IPS) with updated signatures to detect potential exploitation attempts. Engage with the vendor to obtain patches or firmware updates as soon as they become available and plan for timely deployment. If patching is delayed, consider disabling or restricting the vulnerable httpd service or isolating affected devices. Conduct regular vulnerability scans and penetration tests focusing on this device to identify exposure. Educate network administrators about the threat and ensure incident response plans include scenarios involving device compromise through this vulnerability.