CVE-2023-27802 in Magic R100info

Summary

by MITRE • 04/07/2023

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditvsList parameter at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 11/25/2025

The CVE-2023-27802 vulnerability represents a critical stack overflow flaw discovered in H3C Magic R100 wireless access point firmware version R100V100R005.bin. This vulnerability exists within the web-based management interface of the device, specifically in the /goform/aspForm endpoint where the EditvsList parameter is processed. The flaw stems from inadequate input validation and buffer management within the firmware's web server implementation, creating an exploitable condition that can be leveraged by remote attackers to disrupt service availability.

The technical nature of this vulnerability aligns with CWE-121, which describes stack-based buffer overflow conditions where insufficient bounds checking allows attackers to overwrite adjacent memory locations. When a maliciously crafted payload is sent to the EditvsList parameter, the firmware fails to properly validate the input length before copying it into a fixed-size stack buffer. This allows an attacker to overflow the buffer and potentially overwrite return addresses, function pointers, or other critical stack data structures, leading to unpredictable behavior and system instability.

From an operational perspective, this vulnerability presents a significant risk to network infrastructure availability as it enables remote attackers to execute a Denial of Service attack without requiring authentication or privileged access. The impact extends beyond simple service disruption since the stack overflow can potentially lead to complete system crashes or reboots, leaving network access points unavailable for legitimate users. Network administrators may experience extended downtime while investigating and remediating the issue, particularly in environments where these devices serve as critical access points for wireless connectivity.

The attack surface for this vulnerability is particularly concerning given that it resides in the web management interface, which is typically accessible from external networks for configuration and monitoring purposes. This exposure means that attackers can exploit the vulnerability from anywhere on the internet, making it a high-priority target for automated scanning and exploitation campaigns. The lack of authentication requirements for exploitation further compounds the risk, as it eliminates the need for attackers to first compromise legitimate credentials.

Organizations should prioritize immediate remediation by upgrading to firmware versions that address this stack overflow vulnerability, as provided by H3C security advisories. Network segmentation and access control measures should be implemented to limit exposure of management interfaces to trusted networks only. Additionally, implementing network monitoring solutions that can detect anomalous traffic patterns associated with exploitation attempts can provide early warning of potential attacks. The vulnerability demonstrates the importance of robust input validation and memory safety practices in embedded firmware systems, aligning with ATT&CK technique T1499.004 for Denial of Service and highlighting the need for secure coding practices throughout the development lifecycle.

Reservation

03/05/2023

Disclosure

04/07/2023

Moderation

accepted

CPE

ready

EPSS

0.00787

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!