CVE-2023-34924: GitHub - ChrisL0tus/CVE-2023-34924
H3C Magic B1STW B1STV100R012 was discovered to contain a stack overflow via the function SetAPInfoById. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2023-34924
A buffer overflow vulnerability of H3C_Magic_B1STV100R012 router
CVE info:
• the name of an affected Product: H3C Magic B1STW B1STV100R012 router
• the affected or fixed version(s): affected version: H3C-Magic-B1STW - H3C_Magic_B1STV100R012. Fixed version: none
• the CVE ID for the entry (if possible): CVE-2023-34924
• a prose description: There is a buffer overflow vulnerability in the SetAPInfoById function in the web service of the H3C_Magic_B1STV100R012 router, which can crash the web service and even allow an attacker to get a shell.
• vulnerability Type: buffer overflow
• Root Cause: The SetAPInfoById function reads a parameter from the request body and does not check its size, which leads to a stack overflow and crashes the service.
• Impact: DoS