| शीर्षक | H3C NX15 V100R017 Incorrect Access Control |
|---|
| विवरण | H3C Magic NX15 firmware NX15V100R017 contains an improper authentication vulnerability in the administrator password modification endpoint. The POST /api/login/modify endpoint is reachable before authentication and is forwarded to the esps.system changepasswd backend without validating the HTTP_AUTHENTICATION session header.
A remote attacker who can access the web management interface can send an unauthenticated request to POST /api/login/modify and change the administrator password to an attacker-controlled value. After that, the attacker can log in with the new password, obtain a valid administrator session, and access protected management APIs.
The issue was verified on H3C NX15 R017. A request to POST /api/login/modify with {"newPass":"TmpPass123!"} returned {"code":0}, and a subsequent login to POST /api/login/auth with the new password returned a valid session token. Successful exploitation may lead to full device takeover.
|
|---|
| स्रोत | ⚠️ https://github.com/coconut652-7/IOT_Vul_Public/tree/main/H3C/NX15R017/pre_auth_pwd_change |
|---|
| उपयोगकर्ता | coconut (UID 98382) |
|---|
| सबमिशन | 26/05/2026 04:07 AM (2 महीनों पहले) |
|---|
| संयम | 11/07/2026 11:56 AM (2 months later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 377785 [H3C NX15 V100R017 Administrator Password Modification Endpoint /api/login/modify change_passwd newPass अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|