CVE-2023-50240: CWE-121: Stack-based Buffer Overflow in LevelOne WBR-6013
Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This stack-based buffer overflow is related to the `AdvDefaultPreference` request's parameter.
AI Analysis
Technical Summary
CVE-2023-50240 identifies two stack-based buffer overflow vulnerabilities in the boa set_RadvdInterfaceParam functionality of the Realtek rtl819x Jungle SDK version 3.4.11, which is embedded in the LevelOne WBR-6013 router firmware (version RER4_A_v3411b_2T2R_LEV_09_170623). The vulnerability is linked to improper input validation of the AdvDefaultPreference parameter within the router's network request handling code. An attacker with network access and elevated privileges can send a sequence of specially crafted requests to overflow the stack buffer, potentially overwriting the return address or other control data. This can lead to remote code execution (RCE) on the device, allowing the attacker to execute arbitrary code with the privileges of the vulnerable process. The CVSS 3.1 base score is 7.2, reflecting high severity due to network attack vector, low attack complexity, required privileges, and no user interaction. The impact includes full compromise of the device, enabling attackers to intercept, modify, or disrupt network traffic, pivot to internal networks, or launch further attacks. No public exploits or patches are currently available, but the vulnerability is publicly disclosed and should be addressed promptly. The affected firmware version is specific, indicating that devices running other versions may not be vulnerable, but similar Realtek SDK versions could share the flaw. The vulnerability is categorized under CWE-121, a classic stack-based buffer overflow, which is a well-known and critical class of memory corruption bugs.
Potential Impact
For European organizations, exploitation of this vulnerability could lead to complete compromise of affected LevelOne WBR-6013 routers, undermining network security and potentially exposing sensitive data traversing these devices. Given the router’s role as a network gateway, attackers could intercept confidential communications, disrupt business operations through denial of service, or use the compromised device as a foothold for lateral movement within corporate networks. This risk is heightened in sectors relying on these devices for critical infrastructure or remote office connectivity. The vulnerability’s network-based attack vector means that attackers do not need physical access or user interaction, increasing the likelihood of remote exploitation. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate it, as public disclosure often leads to rapid development of exploit code. Organizations with limited patch management capabilities or those using outdated firmware are particularly vulnerable. Additionally, the vulnerability could be leveraged in targeted attacks against high-value European entities, especially where LevelOne devices are prevalent.
Mitigation Recommendations
Organizations should immediately inventory their network infrastructure to identify any LevelOne WBR-6013 devices running the affected firmware version RER4_A_v3411b_2T2R_LEV_09_170623. Until an official patch is released, restrict network access to the router’s management interfaces by implementing strict firewall rules and network segmentation to limit exposure to untrusted networks. Disable or restrict the use of the vulnerable boa set_RadvdInterfaceParam functionality if possible, or disable IPv6 router advertisement features if not required. Monitor network traffic for unusual or repeated requests targeting the AdvDefaultPreference parameter or related interfaces, using IDS/IPS systems with custom signatures. Employ network anomaly detection to identify potential exploitation attempts. Plan and prioritize firmware updates as soon as vendor patches become available, validating updates in test environments before deployment. Additionally, consider replacing affected devices with models from vendors with more timely security support if patching is delayed. Educate network administrators about the vulnerability and ensure that privileged credentials are protected to prevent attackers from gaining the required privileges for exploitation.
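The monitoring step above, sketched as an added example (not code from the vendor, Talos, or this advisory): it checks form-encoded management requests for AdvDefaultPreference values that are oversized, outside the expected set, duplicated, or repeated from one source. Assumptions: request bodies are available from a capture or a reverse proxy in front of the management interface; the allowed values low/medium/high follow the radvd.conf documentation; the length limit, repeat threshold and sample records are constructed for illustration.

```python
from collections import Counter
from urllib.parse import parse_qs

PARAM = "AdvDefaultPreference"
ALLOWED = {"low", "medium", "high"}   # assumption: values documented for radvd.conf
MAX_LEN = 16                          # assumption: illustrative length limit
REPEAT_THRESHOLD = 3                  # assumption: illustrative per-source limit

def inspect_body(body):
    """Return None if the parameter is absent, else a list of findings."""
    # parse_qs percent-decodes, so length is measured on the decoded value.
    values = parse_qs(body, keep_blank_values=True).get(PARAM)
    if values is None:
        return None
    reasons = []
    if len(values) > 1:
        reasons.append("duplicate-parameter")
    for value in values:
        if len(value) > MAX_LEN:
            reasons.append(f"oversized-value:{len(value)}")
        elif value.lower() not in ALLOWED:
            reasons.append("unexpected-value")
    return reasons

def scan(records):
    """records: iterable of (source_ip, request_body); returns alert tuples."""
    alerts, seen = [], Counter()
    for src, body in records:
        reasons = inspect_body(body)
        if reasons is None:
            continue
        seen[src] += 1
        if seen[src] == REPEAT_THRESHOLD:
            reasons.append("repeated-requests")
        if reasons:
            alerts.append((src, reasons))
    return alerts

# Constructed sample records (documentation address range, made-up bodies).
SAMPLE = [
    ("192.0.2.10", "AdvDefaultPreference=medium&submit=Apply"),
    ("192.0.2.77", "AdvDefaultPreference=" + "%41" * 300),
    ("192.0.2.77", "AdvDefaultPreference=urgent"),
    ("192.0.2.77", "AdvDefaultPreference=low"),
    ("192.0.2.10", "hostname=router1"),
]

if __name__ == "__main__":
    for src, reasons in scan(SAMPLE):
        print(src, ", ".join(reasons))
```

The same allow-list and length test can be carried over to an IDS/IPS signature once the actual request path on the device has been confirmed from a capture.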
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: talos
- Date Reserved: 2023-12-05T17:29:57.557Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 690a3b5dff58c9332ff08ee0
Added to database: 11/4/2025, 5:43:57 PM
Last enriched: 11/4/2025, 6:22:11 PM
Last updated: 11/5/2025, 2:58:48 PM