Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-27801

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-07 Apr, 2023 | 00:00
Updated At-12 Feb, 2025 | 17:08
Rejected At-
Credits

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:07 Apr, 2023 | 00:00
Updated At:12 Feb, 2025 | 17:08
Rejected At:
▼CVE Numbering Authority (CNA)

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://hackmd.io/%400dayResearch/DelDNSHnList
N/A
Hyperlink: https://hackmd.io/%400dayResearch/DelDNSHnList
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://hackmd.io/%400dayResearch/DelDNSHnList
x_transferred
Hyperlink: https://hackmd.io/%400dayResearch/DelDNSHnList
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:07 Apr, 2023 | 14:15
Updated At:12 Feb, 2025 | 17:15

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Secondary3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CPE Matches
New H3C Technologies Co., Ltd.
h3c
>>magic_r100_firmware>>v100r005
cpe:2.3:o:h3c:magic_r100_firmware:v100r005:*:*:*:*:*:*:*
New H3C Technologies Co., Ltd.
h3c
>>magic_r100_firmware>>-
cpe:2.3:o:h3c:magic_r100_firmware:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-787Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-787
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://hackmd.io/%400dayResearch/DelDNSHnListcve@mitre.org
N/A
https://hackmd.io/%400dayResearch/DelDNSHnListaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://hackmd.io/%400dayResearch/DelDNSHnList
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://hackmd.io/%400dayResearch/DelDNSHnList
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

159Records found
CVE-2022-30922
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 13:24
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditWlanMacList parameter at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30917
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 13:23
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddWlanMacList parameter at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37098
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG-0.06%
Published-25 Aug, 2022 | 14:04
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateIpv6Params.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-h200_firmwareh200n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37097
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG-0.06%
Published-25 Aug, 2022 | 14:04
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAPInfoById.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-h200_firmwareh200n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36498
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.66%
||
7 Day CHG+0.01%
Published-25 Aug, 2022 | 13:56
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Asp_SetTimingtimeWifiAndLed.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_nx18_plusmagic_nx18_plus_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36499
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.66%
||
7 Day CHG+0.01%
Published-25 Aug, 2022 | 13:58
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function DEleteusergroup.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_nx18_plusmagic_nx18_plus_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36506
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.81%
||
7 Day CHG-0.01%
Published-25 Aug, 2022 | 13:58
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetMacAccessMode.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_nx18_plusmagic_nx18_plus_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36477
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.90%
||
7 Day CHG-0.07%
Published-25 Aug, 2022 | 13:54
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function AddWlanMacList.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-b5_minib5_mini_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34609
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 43.30%
||
7 Day CHG~0.00%
Published-20 Jul, 2022 | 13:41
Updated-03 Aug, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the INTF parameter at /doping.asp.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r200_firmwaremagic_r200n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34600
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG~0.00%
Published-20 Jul, 2022 | 13:41
Updated-03 Aug, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the EditSTList interface at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r200_firmwaremagic_r200n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34610
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 43.30%
||
7 Day CHG~0.00%
Published-20 Jul, 2022 | 13:41
Updated-03 Aug, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the URL /ihomers/app.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r200_firmwaremagic_r200n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37073
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG-0.06%
Published-25 Aug, 2022 | 14:00
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanModeMulti.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-gr-1200w_firmwaregr-1200wn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30919
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 13:23
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID_5G parameter at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30909
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 13:23
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-33637
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.08% / 25.27%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 00:00
Updated-10 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r300-2100mmagic_r300-2100m_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-34933
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.06%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-27 Nov, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack overflow in the UpdateWanParams function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_b1stmagic_b1st_firmwaren/amagic
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-34929
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 25.14%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-27 Nov, 2024 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack overflow in the AddMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_b1stmagic_b1st_firmwaren/amagic
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-34934
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.06%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-27 Nov, 2024 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack overflow in the Edit_BasicSSID_5G function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_b1stmagic_b1st_firmwaren/amagic
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-34928
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.83% / 82.17%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-27 Nov, 2024 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack overflow in the Edit_BasicSSID function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_b1stmagic_b1st_firmwaren/amagic
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-34924
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.79%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 00:00
Updated-03 Dec, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic B1STW B1STV100R012 was discovered to contain a stack overflow via the function SetAPInfoById. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_b1stwmagic_b1stw_firmwaren/amagic_b1stw
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-34930
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 25.14%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-27 Nov, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack overflow in the EditMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_b1stmagic_b1st_firmwaren/amagic
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-34931
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.03%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-27 Nov, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack overflow in the EditWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_b1stmagic_b1st_firmwaren/amagic
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-33635
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.08% / 25.27%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 00:00
Updated-10 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateMacClone interface at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r300-2100mmagic_r300-2100m_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-33633
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.08% / 25.27%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 00:00
Updated-10 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateWanParams interface at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r300-2100mmagic_r300-2100m_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-33630
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.08% / 25.27%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 00:00
Updated-16 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the EditvsList interface at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r300-2100m_firmwaremagic_r300-2100mn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-33640
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.08% / 25.27%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 00:00
Updated-10 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the SetAPWifiorLedInfoById interface at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r300-2100mmagic_r300-2100m_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-33638
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.08% / 25.27%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 00:00
Updated-10 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Edit_BasicSSID_5G interface at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r300-2100mmagic_r300-2100m_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-33642
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.09% / 26.75%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 00:00
Updated-10 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Edit_BasicSSID interface at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r300-2100mmagic_r300-2100m_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-33641
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.08% / 25.27%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 00:00
Updated-10 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the AddMacList interface at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r300-2100mmagic_r300-2100m_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-33632
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.08% / 25.27%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 00:00
Updated-10 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r300-2100mmagic_r300-2100m_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-33631
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.08% / 25.27%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 00:00
Updated-10 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelSTList interface at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r300-2100mmagic_r300-2100m_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-33634
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.08% / 25.27%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 00:00
Updated-10 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r300-2100mmagic_r300-2100m_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-33628
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.08% / 25.27%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 00:00
Updated-10 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r300-2100mmagic_r300-2100m_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37094
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG-0.06%
Published-25 Aug, 2022 | 14:04
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Edit_BasicSSID_5G.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-h200_firmwareh200n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37088
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG+0.24%
Published-25 Aug, 2022 | 14:03
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAP5GWifiById.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-h200_firmwareh200n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37072
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG-0.06%
Published-25 Aug, 2022 | 14:00
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanLinkspyMulti.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-gr-1200w_firmwaregr-1200wn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37095
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG-0.06%
Published-25 Aug, 2022 | 14:04
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateWanParams.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-h200_firmwareh200n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36493
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.66%
||
7 Day CHG+0.01%
Published-25 Aug, 2022 | 13:55
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_nx18_plusmagic_nx18_plus_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36473
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.90%
||
7 Day CHG-0.07%
Published-25 Aug, 2022 | 13:54
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function Edit_BasicSSID_5G.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-b5_minib5_mini_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36492
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.66%
||
7 Day CHG+0.01%
Published-25 Aug, 2022 | 13:56
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function AddMacList.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_nx18_plusmagic_nx18_plus_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30924
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 13:24
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetAPWifiorLedInfoById parameter at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r100magic_r100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34601
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG~0.00%
Published-20 Jul, 2022 | 13:41
Updated-03 Aug, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the Delstlist interface at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r200_firmwaremagic_r200n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36467
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.90%
||
7 Day CHG-0.07%
Published-25 Aug, 2022 | 13:53
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function EditMacList.d.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-b5_minib5_mini_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34599
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG~0.00%
Published-20 Jul, 2022 | 13:41
Updated-03 Aug, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_r200_firmwaremagic_r200n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-52754
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.17% / 38.84%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 00:00
Updated-22 Nov, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-8003_firmwaredi-8003n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-52757
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.17% / 38.84%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 00:00
Updated-22 Nov, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-di-8003_firmwaredi-8003n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47909
Matching Score-4
Assigner-Ivanti
ShareView Details
Matching Score-4
Assigner-Ivanti
CVSS Score-4.9||MEDIUM
EPSS-0.68% / 70.65%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 16:02
Updated-19 Nov, 2024 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

Action-Not Available
Vendor-Ivanti Software
Product-policy_secureconnect_securePolicy SecureConnect Secure
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-38524
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.5||MEDIUM
EPSS-0.29% / 52.12%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 00:01
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.32, RAX50 before 1.0.2.32, RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, and RBS750 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax200_firmwarerax80rbs750_firmwaremk62_firmwarerax15mr60mr60_firmwarerax75mk62rax80_firmwarerbr750_firmwarerax50rbk752_firmwarerax45ms60_firmwarerbk752rbr750rbs750rax15_firmwarerax20rax200rax75_firmwarerax50_firmwarerax45_firmwarerax20_firmwarems60n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-37280
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-4.9||MEDIUM
EPSS-0.23% / 45.90%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 16:26
Updated-03 Oct, 2024 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Elasticsearch StackOverflow vulnerability

A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of Service. Note that passthrough fields is an experimental feature.

Action-Not Available
Vendor-Elasticsearch BV
Product-elasticsearchElasticsearch
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-33008
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-4.9||MEDIUM
EPSS-0.10% / 27.54%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 03:46
Updated-26 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory Corruption vulnerability in SAP Replication Server

SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availability of the system.

Action-Not Available
Vendor-SAP SE
Product-SAP Replication Server
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found