Summaryinfo

A vulnerability, which was classified as critical, has been found in H3C Magic R300 R300-2100MV100R004. Affected is the function UpdateWanParams of the file /goform/aspForm. Performing a manipulation results in stack-based overflow. This vulnerability is reported as CVE-2023-33633. No exploit exists. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Detailsinfo

A vulnerability classified as critical has been found in H3C Magic R300 R300-2100MV100R004. This affects the function UpdateWanParams of the file /goform/aspForm. The manipulation with an unknown input leads to a stack-based overflow vulnerability. CWE is classifying the issue as CWE-121. A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateWanParams interface at /goform/aspForm.

The weakness was disclosed 06/01/2023. It is possible to read the advisory at hackmd.io. This vulnerability is uniquely identified as CVE-2023-33633 since 05/22/2023. Technical details of the vulnerability are known, but there is no available exploit.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2023-37789). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Vendor

• H3C

Name

• Magic R300

Version

• R300-2100MV100R004

License

• commercial

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion