Stack Overflow Vulnerability in H3C Magic B1STW Products by H3C
CVE-2023-34924

7.5HIGH

Key Information:

Vendor: H3c
Status: Magic B1stw Firmware
Vendor: CVE Published:; 26 June 2023

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A stack overflow vulnerability has been identified in the H3C Magic B1STW product line. This flaw exists in the SetAPInfoById function, which may be exploited by attackers sending specially crafted POST requests. Successful exploitation of this vulnerability could result in a Denial of Service condition, impacting the availability of the affected devices. It is crucial for users to apply any available patches or updates to mitigate the risk associated with this vulnerability.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-34924
Created by ChrisL0tus

References

https://github.com/ChrisL0tus/CVE-2023-34924

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 26, 2023
🟡
Public PoC available
Jun 15, 2023
👾
Exploit known to exist
Jun 15, 2023
Vulnerability Reserved
Jun 7, 2023