5908 matches found
CVE-2023-49073
A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2023-45742
An integer overflow vulnerability exists in the boa updateConfigIntoFlash functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2023-45742
An integer overflow vulnerability exists in the boa updateConfigIntoFlash functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2023-49073
A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2023-49073
CVE-2023-49073 affects Realtek rtl819x Jungle SDK v3.4.11 (boa formFilter) used in LevelOne WBR-6013 and related devices. Talos reports a stack-based buffer overflow in formFilter when processing ip6addr, leading to arbitrary code execution. CVSS 3.1 base score 7.2 (HIGH) with NETWORK attack vect...
CVE-2023-45742
An integer overflow vulnerability exists in the boa updateConfigIntoFlash functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2023-45742
An integer overflow vulnerability exists in the boa updateConfigIntoFlash functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2023-50244
Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This...
CVE-2023-50243
Realtek rtl819x Jungle SDK v3.4.11 (Boa web server) contains two stack-based buffer overflow vulnerabilities in boa formIpQoS: CVE-2023-50243 (comment) and CVE-2023-50244 (entry_name). Exploitation via specially crafted HTTP requests to /boafrm/formIpQoS can lead to remote code execution; PoCs ar...
CVE-2023-50243
Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This...
CVE-2023-50244
Summary (CVE-2023-50244): Realtek rtl819x Jungle SDK v3.4.11 uses Boa as a web server; the Boa API /boafrm/formIpQoS contains two stack-based buffer overflow conditions in the entry_name and comment handling. Specifically, the issue arises when a crafted HTTP request supplies a long entry_name pa...
CVE-2023-50381
CVE-2023-50381 concerns Realtek rtl819x Jungle SDK v3.4.11 (Boa web server) used in LevelOne WBR-6013 and related devices. The flaw occurs in the boa formWsc API, where the targetAPSsid parameter (and related inputs) can be unsafely incorporated into system commands, enabling OS command injection...
CVE-2023-50383
Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This comman...
CVE-2023-50381
Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This comman...
CVE-2023-50382
CVE-2023-50382 and related vulnerabilities in Realtek rtl819x Jungle SDK v3.4.11 (Boa web server) affect the LevelOne WBR-6013 router. Three OS command injection flaws exist in the boa formWsc API via parameters targetAPSsid, peerPin, localPin, enabling arbitrary command execution. Talos reports ...
CVE-2023-50382
Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This comman...
CVE-2023-50330
A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability...
CVE-2023-50330
CVE-2023-50330 concerns the Realtek rtl819x Jungle SDK v3.4.11, where the Boa web server’s boa getInfo template is exploitable via a crafted sequence of HTTP requests. The root cause is a stack-based buffer overflow in the translate_control_code path used to URL-encode WPA-PSK values, which can o...
CVE-2023-49867
A stack-based buffer overflow vulnerability exists in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability...
CVE-2023-49867
CVE-2023-49867 describes a stack-based buffer overflow in the Realtek rtl819x Jungle SDK v3.4.11, specifically the boa web server API /boafrm/formWsc. The vulnerability stems from an unsafe handling of the targetAPMac parameter: the code copies hexadecimal characters into a stack buffer (targetAP...