إرسال #524734: H3C Technologies Co., Ltd. Magic NX30 Pro \ Magic NX15 \ H3C NX400 \ H3C Magic R3010 <=V100R014 Command Injectionالمعلومات

عنوانH3C Technologies Co., Ltd. Magic NX30 Pro \ Magic NX15 \ H3C NX400 \ H3C Magic R3010 <=V100R014 Command Injection
الوصفIn the `H3C Magic` home router series, including `H3C Magic NX30 Pro`, `Magic NX15`, `H3C NX400`, and `H3C Magic R3010`, an attacker can send a specially crafted `POST` request to the `/api/wizard/getCapability` endpoint without authorization, exploiting command injection to gain a root shell on the router.
المصدر⚠️ https://gist.github.com/mono7s/882650a9a9b54bedc374caf8308efef2
المستخدم
 mono7s (UID 83092)
ارسال21/03/2025 02:57 PM (1 سنة منذ)
الاعتدال13/04/2025 02:28 PM (23 days later)
الحالةتمت الموافقة
إدخال VulDB304579 [H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 حتى V100R014 HTTP POST Request getCapability FCGI_WizardProtoProcess تجاوز الصلاحيات]
النقاط17

التالي نظرة عامة السابق

Want to stay up to date on a daily basis?

Enable the mail alert feature now!