| Título | H3C Technologies ACG1000-AK230 ACG1000-AK230 Command Injection |
|---|
| Descripción | As a leader in digital and AI solutions, H3C Group is committed to being a reliable partner for customer business innovation and digital transformation. However, a critical pre-authentication command execution vulnerability has been identified in the ACG1000-AK230 gateway, a network device under the H3C portfolio. The root cause lies in the application incorporating unsanitized user input directly into system commands. Exploiting this flaw, attackers can execute arbitrary operating system commands to gain full server control without authorization. If successfully exploited, this vulnerability could lead to the theft or modification of sensitive data (such as configuration files and credentials). The server may be remotely hijacked to become a "zombie" or mining rig. Furthermore, it may facilitate lateral movement into the internal network, potentially paralyzing the entire corporate infrastructure and causing catastrophic consequences for business continuity and data security. |
|---|
| Fuente | ⚠️ https://github.com/leeyper/CVE/issues/1 |
|---|
| Usuario | leeyper (UID 95962) |
|---|
| Sumisión | 2026-02-27 06:26 (hace 1 mes) |
|---|
| Moderación | 2026-03-11 07:35 (12 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 350353 [H3C ACG1000-AK230 hasta 20260227 ?aaa_portal_auth_local_submit suffix escalada de privilegios] |
|---|
| Puntos | 20 |
|---|