제출 #524737: H3C Technologies Co., Ltd. H3C Magic NX30 Pro \ Magic NX15 \ H3C NX400 \ H3C Magic R3010 <=V100R014 Command Injection정보

제목H3C Technologies Co., Ltd. H3C Magic NX30 Pro \ Magic NX15 \ H3C NX400 \ H3C Magic R3010 <=V100R014 Command Injection
설명In the `H3C Magic` home router series, including `H3C Magic NX30 Pro`, `Magic NX15`, `H3C NX400`, and `H3C Magic R3010`, an attacker can send a specially crafted `POST` request to the `/api/wizard/getSpecs` endpoint without authorization, exploiting command injection to gain a root shell on the router.
원천⚠️ https://gist.github.com/mono7s/fcbc1f02d69547704cc9027b29e51c73
사용자
 mono7s (UID 83092)
제출2025. 03. 21. PM 03:01 (1 년도 ago)
모더레이션2025. 04. 13. PM 02:28 (23 days later)
상태수락
VulDB 항목304580 [H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 까지 V100R014 HTTP POST Request /api/wizard/getSpecs FCGI_WizardProtoProcess 권한 상승]
포인트들17

이전개요다음

Interested in the pricing of exploits?

See the underground prices here!