Vulnerabilities > CVE-2023-27805 - Out-of-bounds Write vulnerability in H3C Magic R100 Firmware V100R005

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

h3c

CWE-787

NVD

Published: 2023-04-07

Updated: 2023-11-07

Summary

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditSTList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Vulnerable Configurations

Part	Description	Count
OS	H3C H3C Magic R100 Firmware V100R005 H3C Magic R100 Firmware -	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://hackmd.io/%400dayResearch/EditSTList