CVE-2023-50243

7.2 HIGH

📋 TL;DR

Two stack-based buffer overflow vulnerabilities in Realtek rtl819x Jungle SDK's boa formIpQoS functionality allow remote code execution via specially crafted HTTP requests. Attackers can exploit these vulnerabilities by manipulating the 'comment' parameter in HTTP requests. This affects devices using Realtek rtl819x Jungle SDK v3.4.11.

💻 Affected Systems

Products:
  • Realtek rtl819x Jungle SDK
Versions: v3.4.11
Operating Systems: Embedded Linux systems using Realtek SDK
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with boa HTTP server enabled and formIpQoS functionality accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote unauthenticated attacker gains full system control, executes arbitrary code, and potentially establishes persistent access on affected devices.

🟠 Likely Case

Remote code execution leading to device compromise, data theft, or integration into botnets.

🟢 If Mitigated

Limited impact if network segmentation, input validation, and proper access controls are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting specific HTTP requests but no authentication is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Monitor Realtek for security updates.
2. Check with device manufacturers for firmware updates.
3. Apply patches when available.

🔧 Temporary Workarounds

Disable boa HTTP server (linux)

Disable the vulnerable boa HTTP server if not required for device functionality. The commands below assume the firmware runs systemd and manages boa as a unit.

systemctl stop boa
systemctl disable boa

Network segmentation (all platforms)

Isolate affected devices in separate network segments with strict firewall rules.

🧯 If You Can't Patch

  • Implement strict network access controls to limit HTTP access to trusted sources only.
  • Deploy web application firewall (WAF) rules to filter malicious HTTP requests targeting the comment parameter.

🔍 How to Verify

Check if Vulnerable:

Check if device uses Realtek rtl819x Jungle SDK v3.4.11 and has boa HTTP server running on port 80.

Check Version:

Check device firmware documentation or manufacturer specifications for SDK version.

Verify Fix Applied:

Verify SDK version is updated beyond v3.4.11 or boa server is disabled.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests with long comment parameters
  • Multiple failed HTTP requests to formIpQoS endpoint

Network Indicators:

  • HTTP POST requests to formIpQoS with abnormal payload sizes
  • Traffic patterns suggesting buffer overflow attempts

SIEM Query:

source="boa" AND uri="*formIpQoS*" AND method="POST" AND (content_length>1000 OR param="comment")
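
The log and network indicators above can also be checked per request, for example in a reverse proxy or a log-replay script. The following Python sketch is an added example, not code from Realtek or the SDK: the 1000-byte body threshold comes from the SIEM query above, while the 64-character comment limit, the URI prefix and the sample requests are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

MAX_BODY = 1000    # body-size threshold, taken from the page's SIEM query
MAX_COMMENT = 64   # assumed policy limit; NOT the firmware's real buffer size


def inspect_request(method, uri, body):
    """Return the reasons a request looks like an overflow attempt ([] = clean)."""
    reasons = []
    if method.upper() != "POST" or "formIpQoS" not in urlsplit(uri).path:
        return reasons
    if len(body) > MAX_BODY:
        reasons.append("body_too_large")
    # parse_qs percent-decodes, so "%41%41..." is measured at its decoded length.
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    for value in fields.get("comment", []):
        if len(value) > MAX_COMMENT and "comment_too_long" not in reasons:
            reasons.append("comment_too_long")
        printable = all(0x20 <= ord(ch) <= 0x7E for ch in value)
        if not printable and "comment_non_printable" not in reasons:
            reasons.append("comment_non_printable")
    return reasons


# Constructed sample requests (method, URI, body); the URI prefix and the
# "enabled"/"pad" fields are made up for illustration.
SAMPLES = [
    ("POST", "/forms/formIpQoS", b"enabled=1&comment=office+printer"),
    ("POST", "/forms/formIpQoS", b"enabled=1&comment=" + b"%41" * 200),
    ("POST", "/forms/formIpQoS", b"comment=ok&pad=" + b"x" * 1200),
    ("POST", "/forms/formIpQoS", b"comment=a%00b"),
    ("GET", "/index.htm", b""),
]

if __name__ == "__main__":
    for method, uri, body in SAMPLES:
        print(method, uri, len(body), inspect_request(method, uri, body) or "ok")
```

Set MAX_COMMENT to the longest comment your own QoS rules legitimately use; a request that returns any reason can be dropped at the proxy or raised as an alert.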
