إرسال #520497: H3C Technologies Co., Ltd. H3C Magic NX15\H3C NX400\H3C Magic R3010\H3C Magic BE18000\H3C Magic NX30 Pro <=V100R014 (Taking NX15 as an example.) Remote command executionالمعلومات

عنوان	H3C Technologies Co., Ltd. H3C Magic NX15\H3C NX400\H3C Magic R3010\H3C Magic BE18000\H3C Magic NX30 Pro <=V100R014 (Taking NX15 as an example.) Remote command execution
الوصف	In the H3C Magic series products, including H3C Magic NX15, H3C NX400, H3C Magic R3010, H3C Magic BE18000, and H3C Magic NX30 Pro, an attacker can send a specially crafted POST packet to the /api/wizard/getDualbandSync route without authorization, allowing them to obtain the highest privileges on the device.
المصدر	⚠️ https://github.com/Qwen11/CVE_store/blob/main/H3C/vulnerability%20Information_3.md
المستخدم	Qwen (UID 82796)
ارسال	14/03/2025 10:46 AM (1 سنة منذ)
الاعتدال	24/03/2025 01:59 PM (10 days later)
الحالة	تمت الموافقة
إدخال VulDB	300751 [H3C Magic BE18000 حتى V100R014 HTTP POST Request getDualbandSync تجاوز الصلاحيات]
النقاط	17

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!