제출 #520497: H3C Technologies Co., Ltd. H3C Magic NX15\H3C NX400\H3C Magic R3010\H3C Magic BE18000\H3C Magic NX30 Pro <=V100R014 (Taking NX15 as an example.) Remote command execution정보

제목H3C Technologies Co., Ltd. H3C Magic NX15\H3C NX400\H3C Magic R3010\H3C Magic BE18000\H3C Magic NX30 Pro <=V100R014 (Taking NX15 as an example.) Remote command execution
설명In the H3C Magic series products, including H3C Magic NX15, H3C NX400, H3C Magic R3010, H3C Magic BE18000, and H3C Magic NX30 Pro, an attacker can send a specially crafted POST packet to the /api/wizard/getDualbandSync route without authorization, allowing them to obtain the highest privileges on the device.
원천⚠️ https://github.com/Qwen11/CVE_store/blob/main/H3C/vulnerability%20Information_3.md
사용자
 Qwen (UID 82796)
제출2025. 03. 14. AM 10:46 (1 년도 ago)
모더레이션2025. 03. 24. PM 01:59 (10 days later)
상태수락
VulDB 항목300751 [H3C Magic BE18000 까지 V100R014 HTTP POST Request getDualbandSync 권한 상승]
포인트들17

이전개요다음

Want to stay up to date on a daily basis?

Enable the mail alert feature now!