CVE-2023-45742

An integer overflow vulnerability exists in the boa updateConfigIntoFlash functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*
cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:27

Type Values Removed Values Added
References () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1877 - Exploit, Third Party Advisory () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1877 - Exploit, Third Party Advisory

11 Jul 2024, 16:02

Type Values Removed Values Added
CPE cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*
cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*
cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*
Summary
  • (es) Existe una vulnerabilidad de desbordamiento de enteros en la funcionalidad boa updateConfigIntoFlash de Realtek rtl819x Jungle SDK v3.4.11. Una serie de solicitudes HTTP especialmente manipuladas pueden provocar la ejecución de código arbitrario. Un atacante puede enviar una secuencia de solicitudes para desencadenar esta vulnerabilidad.
First Time Level1 wbr-6013 Firmware
Realtek
Level1
Level1 wbr-6013
Realtek rtl819x Jungle Software Development Kit
References () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1877 - () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1877 - Exploit, Third Party Advisory

08 Jul 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-08 16:15

Updated : 2024-11-21 08:27


NVD link : CVE-2023-45742

Mitre link : CVE-2023-45742

CVE.ORG link : CVE-2023-45742


JSON object : View

Products Affected

realtek

  • rtl819x_jungle_software_development_kit

level1

  • wbr-6013
  • wbr-6013_firmware
CWE
CWE-190

Integer Overflow or Wraparound