Yifan industrial routers vulnerable to 10 zero-day flaws
Take action: With no patch available, the only reasonable mitigating measure is to isolate the affected systems from internet access. Review your infrastructure and consider locking the devices out of public networks.
Cisco Talos has recently disclosed a number of vulnerabilities in Yifan routers. The Yifan YF325, an industrial cellular router, is affected by 11 identified vulnerabilities, 10 of which are zero-days that do not yet have a patch. These vulnerabilities could enable a range of cyber attacks.
Worse still, attackers can execute arbitrary shell commands on the affected devices.
The Yifan YF325 is used as a cellular terminal device, providing both Wi-Fi and Ethernet connectivity to networks. With a broad spectrum of applications, from the self-service terminal industry to weather prediction, its importance in industrial and machine-to-machine fields is undeniable.
One of the most alarming vulnerabilities is CVE-2023-24479 (CVSS score 9.8). If exploited, cybercriminals could alter the admin credentials and gain root access. Another vulnerability, CVE-2023-32645, also raises authentication concerns: an attacker can use leftover debug credentials to gain admin access.
Multiple buffer overflow vulnerabilities, triggered by manipulated network requests, were also identified.
The list of vulnerabilities, all carrying a CVSS score of 9.8, includes:
- CVE-2023-35055
- CVE-2023-35056
- CVE-2023-34365
- CVE-2023-34346
- CVE-2023-31272
- CVE-2023-34426
- CVE-2023-35965
- CVE-2023-35966
- CVE-2023-35967
- CVE-2023-35968
Despite the lack of an official patch from Yifan, Talos has opted to disclose these vulnerabilities. At this point, the only reasonable mitigating measure is isolating the affected systems from internet access.
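The mitigation advised above, isolating the routers from the internet, starts with knowing which YF325 units are actually reachable from outside. The script below is an added example, not from the article or from Yifan, that walks a constructed asset inventory and a constructed firewall port-forward table, flags vulnerable devices that either sit outside the organisation's internal address ranges or are the target of a WAN port forward, and emits nftables drop rules for them. The model string "YF325", the internal prefixes, the interface name "wan0" and all addresses are assumptions; 203.0.113.0/24 is the RFC 5737 documentation range standing in for a public address.

```python
import ipaddress
from dataclasses import dataclass

# Added example (not the article's or Yifan's code). Model string assumed to
# match how the inventory names the device.
VULNERABLE_MODELS = {"YF325"}

# Assumed internal address space; anything outside it is treated as exposed.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Asset:
    name: str
    model: str
    address: str      # IPv4 address as a string


@dataclass(frozen=True)
class PortForward:
    wan_port: int
    target: str       # internal address the WAN port is forwarded to
    target_port: int


# Constructed sample inventory (device names and addresses are made up).
INVENTORY = [
    Asset("kiosk-rtr-01", "YF325", "10.20.1.5"),
    Asset("kiosk-rtr-02", "YF325", "203.0.113.17"),   # documentation range, acts as a public address
    Asset("weather-rtr-01", "YF325", "10.20.2.5"),
    Asset("core-sw-01", "SomeOtherSwitch", "10.20.0.1"),
]

# Constructed sample WAN port-forward table from the site firewall.
PORT_FORWARDS = [
    PortForward(8443, "10.20.1.5", 443),
    PortForward(2222, "10.20.0.1", 22),
]


def exposure_reasons(asset, forwards):
    """Return the reasons an asset is reachable from the internet (empty list if none)."""
    reasons = []
    addr = ipaddress.ip_address(asset.address)
    if not any(addr in net for net in INTERNAL_NETS):
        reasons.append(f"address {asset.address} is outside the internal ranges")
    for fwd in forwards:
        if fwd.target == asset.address:
            reasons.append(f"WAN port {fwd.wan_port} forwarded to port {fwd.target_port}")
    return reasons


def find_exposed(inventory, forwards, models=VULNERABLE_MODELS):
    """Map each exposed vulnerable device's name to its list of exposure reasons."""
    report = {}
    for asset in inventory:
        if asset.model not in models:
            continue          # exposure of non-vulnerable models is out of scope here
        reasons = exposure_reasons(asset, forwards)
        if reasons:
            report[asset.name] = reasons
    return report


def nft_block_rules(inventory, forwards, models=VULNERABLE_MODELS):
    """Build nftables forward-chain rules that drop inbound WAN traffic to exposed devices.
    The WAN interface name "wan0" is an assumption; adjust to the site firewall."""
    by_name = {a.name: a for a in inventory}
    rules = []
    for name in sorted(find_exposed(inventory, forwards, models)):
        addr = by_name[name].address
        rules.append(f'iifname "wan0" ip daddr {addr} counter drop comment "{name}"')
    return rules


if __name__ == "__main__":
    for name, reasons in find_exposed(INVENTORY, PORT_FORWARDS).items():
        print(f"{name}: {', '.join(reasons)}")
    print("\n".join(nft_block_rules(INVENTORY, PORT_FORWARDS)))
```

The generated rules are meant to be pasted into an existing `inet filter` forward chain on the perimeter firewall; remove the offending port forwards as well, since a drop rule only masks a forward that should not exist. Devices flagged for holding a non-internal address need re-addressing behind the firewall rather than a rule, because traffic to them may never traverse the forward chain.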