Industrial routers made by Chinese company Yifan are affected by a series of critical vulnerabilities that could expose organizations to cyberattacks, according to a report by Cisco’s Talos threat intelligence and research group. Talos notified the vendor in late June, giving it more than 90 days to release patches. Because no fixes have been provided, Cisco has now made the technical details public, in line with its vulnerability disclosure policy.

Talos researchers unearthed over a dozen vulnerabilities in Yifan’s YF325 cellular router. The vendor’s statement indicates that this device has found applications across various sectors, including self-service terminals, intelligent transportation, industrial automation, smart grid, water supply, finance, and point-of-sale systems.

The majority of the identified vulnerabilities have received “critical severity” ratings, while the remaining ones are classified as “high severity.” Together they expose significant weaknesses in the router’s security posture.

Talos reported that the most concerning of these security holes, tracked as CVE-2023-32632, can be exploited to execute arbitrary code, including potentially malicious commands, on the targeted router. Attackers could also exploit CVE-2023-24479 to change the administrative credentials of the device, essentially taking control of it, and even obtain root access. Another vulnerability, CVE-2023-32645, allows attackers to use leftover debug credentials to gain access to the device with admin privileges.

The remaining vulnerabilities could be exploited for arbitrary code or command execution, meaning attackers could run their own commands on the device, or for denial-of-service (DoS) attacks that render the device inoperable.

Importantly, these vulnerabilities can all be exploited by sending specially crafted network requests to the targeted device. This highlights the need for timely patching and updates, particularly in industrial settings where security vulnerabilities can have wide-ranging consequences.

The exposure of these vulnerabilities serves as a stark reminder of the ongoing challenges organizations face in securing critical infrastructure and devices. In the absence of prompt patches, organizations relying on Yifan’s YF325 cellular router must take additional security measures to safeguard their systems and data. Furthermore, it underscores the importance of security researchers and organizations collaborating to identify and rectify vulnerabilities to maintain the integrity of critical infrastructure systems.
