CVE-2023-34924

7.5 HIGH

📋 TL;DR

H3C Magic B1STW B1STV100R012 routers contain a stack overflow vulnerability in the SetAPInfoById function that allows attackers to cause Denial of Service (DoS) via crafted POST requests. This affects users of these specific H3C router models running vulnerable firmware. Attackers can crash the device, disrupting network connectivity.

💻 Affected Systems

Products:
  • H3C Magic B1STW B1STV100R012
Versions: B1STV100R012 (specific vulnerable version)
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the specific firmware version mentioned; other versions may also be vulnerable but unconfirmed.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device crash requiring a physical reboot, extended network downtime, and potential for remote code execution if the stack overflow can be leveraged for arbitrary code execution rather than only a crash.

🟠 Likely Case

The router becomes unresponsive and requires a manual reboot to restore functionality, causing temporary network disruption.

🟢 If Mitigated

No impact if the device is patched or network segmentation prevents access to the vulnerable interface.

🌐 Internet-Facing: HIGH - The vulnerability is triggered by POST requests, so devices whose management interface is reachable from the internet are exposed to remote attacks.
🏢 Internal Only: MEDIUM - Internal attackers with network access could exploit this, but exploitation requires reaching the management interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A public proof-of-concept on GitHub demonstrates exploitation via a crafted POST request to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

Check the H3C official website for firmware updates. If an update is available, download it and apply it through the router web interface or CLI.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Isolate the router management interface from untrusted networks.

Access Control Lists (linux)

Restrict access to the router management interface to trusted IPs only. Example rules for a Linux firewall in front of the management interface (replace trusted_ip with the admin host or subnet; repeat for each management port in use, e.g. 443 and 8080 if enabled):

  iptables -A INPUT -p tcp --dport 80 -s trusted_ip -j ACCEPT
  iptables -A INPUT -p tcp --dport 80 -j DROP

🧯 If You Can't Patch

  • Disable the remote management interface if it is not required
  • Implement network monitoring for abnormal POST requests to the router management interface

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version via the web interface (typically under System > Firmware) or in the CLI with the 'show version' command.

Check Version:

Run 'show version' in the CLI, or check the System Information page in the web interface.

Verify Fix Applied:

Verify that the firmware version has been updated to one later than B1STV100R012; since no fixed version is confirmed above, also check the vendor's release notes for a statement that this issue is addressed.

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to router management interface with abnormal payload sizes
  • Router crash/reboot logs
  • Connection refused errors after exploitation

Network Indicators:

  • Abnormal POST requests to router IP on management ports (typically 80, 443, 8080)
  • Sudden drop in router responsiveness

SIEM Query:

source="router_logs" AND (http_method="POST" AND (uri_path="/cgi-bin/luci" OR user_agent CONTAINS "exploit") AND bytes > 1000)
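As an added example (not code from the advisory or from H3C), the following Python applies the log indicators above to access-log lines from the router's management interface: it flags POST requests to the management ports with oversized bodies and reports sources that repeat them. The log format, the sample lines and the endpoint path are constructed for this example; the 1000-byte cut-off and the port list are the ones given above.

```python
import re
from collections import Counter

# Constructed log format (assumption for this example):
#   "<timestamp> <src_ip> <method> <host>:<port><path> <status> <body_bytes>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) (?P<method>[A-Z]+) "
    r"(?P<host>[^: ]+):(?P<port>\d+)(?P<path>/\S*) (?P<status>\d{3}) (?P<bytes>\d+)$"
)
MGMT_PORTS = {80, 443, 8080}  # management ports listed under Network Indicators
BODY_THRESHOLD = 1000         # bytes; same cut-off as the SIEM query above

def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("port", "status", "bytes"):
        rec[key] = int(rec[key])
    return rec

def find_suspicious_posts(lines, burst_threshold=3):
    """Return (alerts, bursts): alerts holds one (src_ip, path, body_bytes) per POST
    to a management port whose body exceeds BODY_THRESHOLD; bursts maps sources that
    sent >= burst_threshold such POSTs, the repeated pattern a DoS attempt leaves."""
    alerts, per_source = [], Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["port"] not in MGMT_PORTS:
            continue  # malformed, not a POST, or not aimed at a management port
        if rec["bytes"] > BODY_THRESHOLD:
            alerts.append((rec["src"], rec["path"], rec["bytes"]))
            per_source[rec["src"]] += 1
    bursts = {src: n for src, n in per_source.items() if n >= burst_threshold}
    return alerts, bursts

# Constructed sample log: a normal login, a burst of oversized POSTs from one
# source, one oversized POST from another, and a large POST to a non-mgmt port.
SAMPLE_LOG = [
    "2023-06-01T10:00:05 192.0.2.10 POST 192.168.1.1:80/login 200 120",
    "2023-06-01T10:01:10 198.51.100.7 POST 192.168.1.1:80/cgi-bin/luci 200 4096",
    "2023-06-01T10:01:11 198.51.100.7 POST 192.168.1.1:80/cgi-bin/luci 200 4096",
    "2023-06-01T10:01:12 198.51.100.7 POST 192.168.1.1:80/cgi-bin/luci 500 4096",
    "2023-06-01T10:02:00 203.0.113.5 POST 192.168.1.1:8080/cgi-bin/luci 200 2048",
    "2023-06-01T10:02:30 192.0.2.10 POST 192.168.1.1:22/x 200 9999",
]

if __name__ == "__main__":
    print(find_suspicious_posts(SAMPLE_LOG))
```

On the sample log this reports four oversized POSTs and one burst source (198.51.100.7, three requests); the 9999-byte POST to port 22 is ignored because it is not a management port.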

🔗 References