CVE-2023-34924 PoC — H3C Magic B1STW B1STV100R012 缓冲区错误漏洞

Source

https://github.com/ChrisL0tus/CVE-2023-34924

Associated Vulnerability

Title:H3C Magic B1STW B1STV100R012 缓冲区错误漏洞 (CVE-2023-34924)
Description:H3C Magic B1STW B1STV100R012 was discovered to contain a stack overflow via the function SetAPInfoById. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Readme

# CVE-2023-34924

## A buffer over flow vulnerability of H3C_Magic_B1STV100R012 router

## CVE info:
```
•    the name of an affected Product:  H3C Magic B1STW B1STV100R012 router
•    the affected or fixed version(s): affected version: H3C-Magic-B1STW - H3C_Magic_B1STV100R012. Fixed version: none
•    the CVE ID for the entry (if possible): CVE-2023-34924
•    a prose description:  There is a buffer overflow vulnerability in the SetAPInfoById function in the web service of H3C_Magic_B1STV100R012 router, which can cause the web service to crash and even get the shell
•    vulnerability Type: buffer overflow
•    Root Cause: The  SetAPInfoById function get the param from request body and do not check the size, thus lead to the stack overflow and make the service crash
•    Impact: DoS
```

File Snapshot


 [4.0K]  /data/pocs/e7056fe2d4d95fcffb94116c958f887cd7a2d00f
├── [4.0K]  assets
│   ├── [6.5K]  func1.png
│   ├── [ 10K]  func2.png
│   ├── [ 86K]  log.png
│   └── [ 67K]  poc.png
├── [ 724]  POC.md
└── [ 812]  README.md

1 directory, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!