| タイトル | H3C Technologies ACG1000-AK230 ACG1000-AK230 Command Injection |
|---|
| 説明 | As a leader in digital and AI solutions, H3C Group is committed to being a reliable partner for customer business innovation and digital transformation. However, a critical pre-authentication command execution vulnerability has been identified in the ACG1000-AK230 gateway, a network device under the H3C portfolio. The root cause lies in the application incorporating unsanitized user input directly into system commands. Exploiting this flaw, attackers can execute arbitrary operating system commands to gain full server control without authorization. If successfully exploited, this vulnerability could lead to the theft or modification of sensitive data (such as configuration files and credentials). The server may be remotely hijacked to become a "zombie" or mining rig. Furthermore, it may facilitate lateral movement into the internal network, potentially paralyzing the entire corporate infrastructure and causing catastrophic consequences for business continuity and data security. |
|---|
| ソース | ⚠️ https://github.com/leeyper/CVE/issues/1 |
|---|
| ユーザー | leeyper (UID 95962) |
|---|
| 送信 | 2026年02月27日 06:26 (1 月 ago) |
|---|
| モデレーション | 2026年03月11日 07:35 (12 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 350353 [H3C ACG1000-AK230 迄 20260227 ?aaa_portal_auth_local_submit suffix 特権昇格] |
|---|
| ポイント | 20 |
|---|