Summaryinfo

A vulnerability was found in H3C Magic R100 and Magic R365. It has been declared as problematic. This vulnerability affects unknown code of the component TCP Handler. The manipulation leads to denial of service. This vulnerability was named CVE-2023-30311. The attack can be initiated remotely. Furthermore, there is an exploit available. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Detailsinfo

A vulnerability was found in H3C Magic R100 and Magic R365 (version unknown). It has been classified as problematic. This affects an unknown function of the component TCP Handler. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is classifying the issue as CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. This is going to have an impact on availability. The summary by CVE is:

An issue discovered in H3C Magic R365 and H3C Magic R100 routers allows attackers to hijack TCP sessions which could lead to a denial of service.

The advisory is shared at ndss-symposium.org. This vulnerability is uniquely identified as CVE-2023-30311 since 04/07/2023. It is possible to initiate the attack remotely. Technical details are unknown but a public exploit is available. MITRE ATT&CK project uses the attack technique T1499 for this issue.

The exploit is shared for download at ndss-symposium.org. It is declared as proof-of-concept.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Vendor

• H3C

Name

• Magic R100
• Magic R365

License

• commercial

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion