提出 #520499: H3C Technologies Co., Ltd. H3C Magic NX15\H3C NX400\H3C Magic R3010\H3C Magic BE18000\H3C Magic NX30 Pro <=V100R014 (Taking NX15 as an example.) Remote command execution情報

タイトルH3C Technologies Co., Ltd. H3C Magic NX15\H3C NX400\H3C Magic R3010\H3C Magic BE18000\H3C Magic NX30 Pro <=V100R014 (Taking NX15 as an example.) Remote command execution
説明In the H3C Magic series products, including H3C Magic NX15, H3C NX400, H3C Magic R3010, H3C Magic BE18000, and H3C Magic NX30 Pro, an attacker can send a specially crafted POST packet to the /api/wizard/getWifiNeighbour route without authorization, allowing them to obtain the highest privileges on the device.
ソース⚠️ https://github.com/Qwen11/CVE_store/blob/main/H3C/vulnerability%20Information_4.md
ユーザー
 Qwen (UID 82796)
送信2025年03月14日 10:47 (1 年 ago)
モデレーション2025年03月24日 13:59 (10 days later)
ステータス承諾済み
VulDBエントリ300752 [H3C Magic BE18000 迄 V100R014 HTTP POST Request getWifiNeighbour 特権昇格]
ポイント17

概要

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!