| عنوان | H3C Technologies Co., Ltd. H3C Magic NX30 Pro \ Magic NX15 \ H3C NX400 \ H3C Magic R3010 <=V100R014 Command Injection |
|---|
| الوصف | In the `H3C Magic` home router series, including `H3C Magic NX30 Pro`, `Magic NX15`, `H3C NX400`, and `H3C Magic R3010`, an attacker can send a specially crafted `POST` request to the `/api/wizard/setsyncpppoecfg` endpoint without authorization, exploiting command injection to gain a root shell on the router.
|
|---|
| المصدر | ⚠️ https://gist.github.com/mono7s/9369a3ef060b5655303cd234ba583bb5 |
|---|
| المستخدم | mono7s (UID 83092) |
|---|
| ارسال | 21/03/2025 03:07 PM (1 سنة منذ) |
|---|
| الاعتدال | 13/04/2025 02:28 PM (23 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 304582 [H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 حتى V100R014 HTTP POST Request setsyncpppoecfg FCGI_WizardProtoProcess تجاوز الصلاحيات] |
|---|
| النقاط | 18 |
|---|