CVE-2023-50240
published 2024-07-08CVE-2023-50240: Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially…
PriorityP350high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
1.41%
69.4th percentile
Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `AdvDefaultPreference` request's parameter.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| level1 | wbr-6013_firmware | — | — |
| levelone | wbr-6013 | — | — |
| realtek | rtl819x_jungle_sdk | — | — |
| realtek | rtl819x_jungle_software_development_kit | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
15 vulnerabilities discovered in software development kit for wireless routers
blogs_talos·2024-07-10·CVSS 7.2
[HIGH] 15 vulnerabilities discovered in software development kit for wireless routers
## 15 vulnerabilities discovered in software development kit for wireless routers
Cisco Talos’ Vulnerability Research team recently discovered 15 vulnerabilities in the Realtek rtl819x Jungle software development kit used in some small and home office wireless routers.
This SDK uses the discontinued, open-source Boa as its web server. Talos researchers discovered these vulnerabilities in the Jungle SDK while researching other vulnerabilities in the LevelOne WBR-6013 wireless router, which are also covered in this blog post.
Realtek has patched these issues in the SDK, all in adherence to Cisco’s third-party vulnerability disclosure policy, while LevelOne has declined to release a fix.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule
Talos
15 vulnerabilities discovered in software development kit for wireless routers
blogs_talos·2024-07-10·CVSS 7.2
[HIGH] 15 vulnerabilities discovered in software development kit for wireless routers
Cisco Talos’ Vulnerability Research team recently discovered 15 vulnerabilities in the Realtek rtl819x Jungle software development kit used in some small and home office wireless routers.
This SDK uses the discontinued, open-source Boa as its web server. Talos researchers discovered these vulnerabilities in the Jungle SDK while researching other vulnerabilities in the LevelOne WBR-6013 wireless router, which are also covered in this blog post.
Realtek has patched these issues in the SDK, all in adherence to Cisco’s third-party vulnerability disclosure policy, while LevelOne has declined to release a fix.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on
2024-07-08
Published