CVE-2023-27805 in Magic R100
Summary
by MITRE • 04/07/2023
H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditSTList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 11/25/2025
The vulnerability identified as CVE-2023-27805 affects the H3C Magic R100 wireless router firmware version R100V100R005, specifically within the EditSTList interface located at the /goform/aspForm endpoint. This represents a critical stack overflow vulnerability that arises from insufficient input validation and improper memory management within the router's web interface. The flaw exists in the handling of user-supplied data through the.aspForm interface, which processes configuration requests for the router's wireless settings.
The technical implementation of this vulnerability stems from the router's failure to properly validate the length and content of input parameters passed to the EditSTList function. When an attacker crafts a malicious payload and submits it through the /goform/aspForm endpoint, the system attempts to process this data without adequate bounds checking, leading to a stack buffer overflow condition. This memory corruption occurs when the input data exceeds the allocated buffer space, causing the program to overwrite adjacent memory locations and potentially leading to arbitrary code execution or system instability. The vulnerability operates at the application layer and requires authentication to exploit, though the specific authentication requirements may vary based on the firmware's configuration.
The operational impact of this vulnerability manifests primarily as a Denial of Service condition, where an attacker can disrupt the normal operation of the wireless router by causing a crash or reboot of the device. The DoS condition can be sustained through repeated exploitation attempts, effectively rendering the router unavailable to legitimate users and potentially disrupting network connectivity for all devices connected through the affected wireless access point. Network administrators may experience service degradation and increased maintenance overhead as the device repeatedly fails and requires manual intervention to restore functionality.
Mitigation strategies for this vulnerability should include immediate firmware updates from H3C to address the stack overflow issue and implement proper input validation mechanisms. Network segmentation and access control measures should be employed to limit exposure of the affected interface to trusted users only, while monitoring systems should be deployed to detect anomalous traffic patterns that may indicate exploitation attempts. The vulnerability aligns with CWE-121 Stack-based Buffer Overflow and follows ATT&CK technique T1210 Exploitation of Remote Services, emphasizing the need for robust input validation and memory safety practices in embedded network device firmware development. Organizations should also consider implementing network-based intrusion detection systems to identify and block malicious payloads targeting this specific interface.