| Titel | H3C Technologies Co., Ltd. H3C Magic NX30 Pro <=V100R007 Remote code execution |
|---|
| Beschreibung | In the H3C Magic series products, H3C Magic NX30 Pro and H3C NX400 allow an attacker to send a specially crafted POST request to the /api/wizard/getNetworkConf route without authorization, enabling remote code execution with the highest privileges. |
|---|
| Quelle | ⚠️ https://github.com/ggstrunk/CVE/blob/main/wizard_getNetworkStatus.md |
|---|
| Benutzer | trunk (UID 82786) |
|---|
| Einreichung | 14.03.2025 07:03 (vor 1 Jahr) |
|---|
| Moderieren | 24.03.2025 13:59 (10 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 300747 [H3C Magic NX30 Pro bis V100R007 HTTP POST Request getNetworkStatus erweiterte Rechte] |
|---|
| Punkte | 16 |
|---|