CVE-2023-27804 in Magic R100info

Summary

by MITRE • 04/07/2023

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 11/25/2025

The vulnerability identified as CVE-2023-27804 affects H3C Magic R100 routers running firmware version R100V100R005, representing a critical stack overflow condition within the device's web interface implementation. This flaw exists within the DelvsList interface located at the /goform/aspForm endpoint, which serves as a communication channel for device configuration and management operations. The stack overflow vulnerability stems from insufficient input validation and bounds checking within the firmware's handling of user-supplied data, creating an exploitable condition that can be leveraged by remote attackers to disrupt normal device operations.

The technical implementation of this vulnerability involves the manipulation of input parameters passed through the DelvsList interface, where the firmware fails to properly validate the length and content of incoming data before processing it on the stack memory. When an attacker crafts a malicious payload exceeding the allocated stack buffer size, the overflow occurs during the function execution, potentially corrupting adjacent memory locations and causing unpredictable behavior. This type of vulnerability maps directly to CWE-121 Stack-based Buffer Overflow, which is classified as a fundamental memory safety issue that has been consistently identified as a primary attack vector in network device security assessments.

The operational impact of this vulnerability extends beyond simple denial of service, as it represents a significant security risk for organizations relying on H3C Magic R100 devices for network infrastructure. The DoS condition can result in complete service disruption, forcing network administrators to perform manual device restarts and potentially causing extended downtime for critical network services. The remote exploitation capability means that attackers can trigger this vulnerability without requiring physical access or local network presence, making it particularly dangerous in enterprise environments where such devices often serve as primary network gateways. From an ATT&CK framework perspective, this vulnerability aligns with T1499.004 Network Denial of Service and T1595.001 Network Device Firmware, indicating both the attack technique and the target system component being compromised.

Mitigation strategies for this vulnerability should prioritize immediate firmware updates from H3C to address the underlying stack overflow condition, as the vendor has likely released patches containing proper input validation and buffer management controls. Network segmentation and access control measures can provide temporary protection by limiting who can reach the vulnerable interface, while monitoring systems should be deployed to detect unusual traffic patterns that might indicate exploitation attempts. Security teams should also consider implementing network-based intrusion detection systems that can identify and block malicious payloads targeting the specific /goform/aspForm endpoint. Regular security assessments of network infrastructure components, including vulnerability scanning and penetration testing, should be conducted to identify similar issues in other network devices within the organization's attack surface, as similar stack overflow conditions have been discovered in various networking equipment from multiple vendors.

Reservation

03/05/2023

Disclosure

04/07/2023

Moderation

accepted

CPE

ready

EPSS

0.00787

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!