Lucene search

TalosCVELIST:CVE-2023-41251

HistoryJul 08, 2024 - 3:22 p.m.

CVE-2023-41251

2024-07-0815:22:24

CWE-121

talos

www.cve.org

buffer overflow

realtek rtl819x

jungle sdk

remote code execution

http request

cve-2023-41251

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

17.5%

JSON

A stack-based buffer overflow vulnerability exists in the boa formRoute functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.

CNA Affected

[
  {
    "vendor": "LevelOne",
    "product": "WBR-6013",
    "versions": [
      {
        "version": "RER4_A_v3411b_2T2R_LEV_09_170623",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Realtek",
    "product": "rtl819x Jungle SDK",
    "versions": [
      {
        "version": "v3.4.11",
        "status": "affected"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2023-1894

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

17.5%

JSON

Related for CVELIST:CVE-2023-41251