CVE-2023-33634

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published May 31, 2023

Updated: Jan 10, 2025

CWE ID 787

Summary

CVE-2023-33634 is a newly disclosed vulnerability affecting the H3C Magic R300 router running version R300-2100MV100R004. This vulnerability can be exploited through the EdittriggerList interface located at /goform/aspForm, which leads to a stack overflow. By sending maliciously crafted data to this interface, an attacker can potentially gain unauthorized access to the system or cause it to crash, leading to a denial-of-service condition. This issue poses a significant risk to networks using this vulnerable router version and requires an immediate update to a patched version to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Vendors

New H3C Technologies Co. Ltd.

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners