| 제목 | H3C Technologies Co., Ltd. Magic NX30 Pro \ Magic NX15 \ H3C NX400 \ H3C Magic R3010 <=V100R014 Command Injection |
|---|
| 설명 | In the `H3C Magic` home router series, including `H3C Magic NX30 Pro`, `Magic NX15`, `H3C NX400`, and `H3C Magic R3010`, an attacker can send a specially crafted `POST` request to the `/api/wizard/getCapability` endpoint without authorization, exploiting command injection to gain a root shell on the router. |
|---|
| 원천 | ⚠️ https://gist.github.com/mono7s/882650a9a9b54bedc374caf8308efef2 |
|---|
| 사용자 | mono7s (UID 83092) |
|---|
| 제출 | 2025. 03. 21. PM 02:57 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 04. 13. PM 02:28 (23 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 304579 [H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 까지 V100R014 HTTP POST Request getCapability FCGI_WizardProtoProcess 권한 상승] |
|---|
| 포인트들 | 17 |
|---|