Lucene search

[email protected]NVD:CVE-2023-27806

HistoryApr 07, 2023 - 2:15 p.m.

CVE-2023-27806

2023-04-0714:15:07

CWE-787

[email protected]

web.nvd.nist.gov

h3c

magic r100

r100v100r005.bin

stack overflow

ipqos_lanip_dellist

denial of service

dos

crafted payload

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

32.5%

JSON

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Affected configurations

Nvd

Node

h3cmagic_r100_firmwareMatchv100r005

AND

h3cmagic_r100_firmwareMatch-

VendorProductVersionCPE
h3cmagic_r100_firmwarev100r005cpe:2.3:o:h3c:magic_r100_firmware:v100r005:*:*:*:*:*:*:*
h3cmagic_r100_firmware-cpe:2.3:o:h3c:magic_r100_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
h3c	magic_r100_firmware	v100r005	cpe:2.3:o:h3c:magic_r100_firmware:v100r005:::::::*
h3c	magic_r100_firmware	-	cpe:2.3:o:h3c:magic_r100_firmware:-:::::::*

References

hackmd.io/%400dayResearch/ipqos_lanip_dellist

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

32.5%

JSON

Related for NVD:CVE-2023-27806

prion1 cvelist1 cve1