CVE-2023-27801 in Magic R100info

Summary

by MITRE • 04/07/2023

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 11/23/2025

The CVE-2023-27801 vulnerability affects H3C Magic R100 routers running firmware version R100V100R005, representing a critical stack overflow condition within the device's web management interface. This flaw exists in the DelDNSHnList interface located at the /goform/aspForm endpoint, which processes incoming requests without adequate input validation mechanisms. The vulnerability stems from improper buffer handling during the processing of DNS host name list deletion operations, creating an exploitable condition that can be leveraged by remote attackers to disrupt service availability.

The technical implementation of this vulnerability involves a classic stack-based buffer overflow scenario where malicious input data exceeds the allocated buffer space within the DelDNSHnList function. When the router processes a specially crafted HTTP request containing excessive data in parameters related to DNS host name deletion, the stack memory layout becomes corrupted, leading to unpredictable behavior including application crashes, system instability, and complete denial of service for legitimate users. This type of vulnerability falls under CWE-121 stack-based buffer overflow classification, which is categorized as a fundamental memory safety issue in software development practices.

From an operational perspective, this vulnerability presents significant risks to network infrastructure security as it enables remote attackers to execute denial of service attacks against targeted H3C Magic R100 devices without requiring authentication or specialized privileges. The attack surface is particularly concerning given that the vulnerable interface is accessible through standard web protocols, making exploitation straightforward using common network reconnaissance and attack tools. The impact extends beyond simple service disruption, potentially affecting business continuity and network availability for organizations relying on these devices for their networking infrastructure. The vulnerability aligns with ATT&CK technique T1499.004 for network denial of service attacks, where adversaries leverage system weaknesses to compromise availability.

Organizations should implement immediate mitigations including firmware updates from H3C to address the root cause of the buffer overflow, network segmentation to limit access to the vulnerable web interface, and monitoring for suspicious traffic patterns targeting the /goform/aspForm endpoint. Additionally, deploying web application firewalls and implementing strict input validation measures can provide defense-in-depth protection against similar vulnerabilities. The remediation process should also involve comprehensive network scanning to identify all affected devices and establish baseline security configurations that prevent unauthorized access to administrative interfaces. Regular security assessments and vulnerability management programs should be enhanced to detect and address similar memory corruption issues in network infrastructure devices.

Reservation

03/05/2023

Disclosure

04/07/2023

Moderation

accepted

CPE

ready

EPSS

0.00787

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!