CVE-2023-50240

Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `AdvDefaultPreference` request's parameter.
References
Link Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1893 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*
cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*

History

11 Jul 2024, 16:05

Type Values Removed Values Added
References () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1893 - () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1893 - Exploit, Third Party Advisory
CWE CWE-787
Summary
  • (es) Existen dos vulnerabilidades de desbordamiento de búfer en la región stack de la memoria en la funcionalidad boa set_RadvdInterfaceParam de Realtek rtl819x Jungle SDK v3.4.11. Una serie de solicitudes de red especialmente manipuladas pueden conducir a la ejecución remota de código. Un atacante puede enviar una secuencia de solicitudes para activar estas vulnerabilidades. Este desbordamiento de búfer en la región stack de la memoria está relacionado con el parámetro de solicitud `AdvDefaultPreference`.
First Time Level1
Level1 wbr-6013 Firmware
Level1 wbr-6013
Realtek rtl819x Jungle Software Development Kit
Realtek
CPE cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*
cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*
cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*

08 Jul 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-08 16:15

Updated : 2024-07-11 16:05


NVD link : CVE-2023-50240

Mitre link : CVE-2023-50240

CVE.ORG link : CVE-2023-50240


JSON object : View

Products Affected

level1

  • wbr-6013
  • wbr-6013_firmware

realtek

  • rtl819x_jungle_software_development_kit
CWE
CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow