Wiz
Vulnerability DatabaseCVE-2023-1877

CVE-2023-1877
PHP vulnerability analysis and mitigation

Overview

An integer overflow vulnerability exists in the boa updateConfigIntoFlash functionality of Realtek rtl819x Jungle SDK v3.4.11. The vulnerability was discovered in July 2024 and affects LevelOne WBR-6013 router and Realtek rtl819x Jungle SDK. The vulnerability has been assigned CVE-2023-45742 with a CVSS score of 7.2 (Talos Intelligence).

Technical details

The vulnerability exists in the boa updateConfigIntoFlash functionality where no check is performed after fetching components used to calculate the allocation size for malloc. This can lead to an integer overflow when calculating compLenofheader*compRate, resulting in less space being allocated than required. The vulnerability manifests during the decompression phase, leading to a heap-based buffer overflow (Talos Intelligence).

Impact

A successful exploitation of this vulnerability can lead to arbitrary code execution on affected devices. The attacker can trigger this vulnerability by sending a specially crafted sequence of HTTP requests (Talos Intelligence).

Mitigation and workarounds

Realtek has provided updated software to their customers to address this vulnerability. However, LevelOne has declined to patch the issues in their software. Users of affected LevelOne devices should consider implementing network-level protections to restrict access to the vulnerable functionality (Talos Intelligence).

Additional resources

SourceThis report was generated using AI

Related PHP vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-13828CRITICAL9
  • PHPPHP
  • mautic/core
NoYesDec 02, 2025
CVE-2025-13827HIGH8.8
  • PHPPHP
  • mautic/grapes-js-builder-bundle
NoYesDec 02, 2025
CVE-2025-66468HIGH7.6
  • PHPPHP
  • aimeos/ai-cms-grapesjs
NoYesDec 02, 2025
CVE-2025-65657MEDIUM6.5
  • PHPPHP
  • feehi/cms
NoNoDec 02, 2025
CVE-2025-65186MEDIUM6.1
  • PHPPHP
  • getgrav/grav
NoNoDec 02, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo