| 제목 | H3C Technologies ACG1000-AK230 ACG1000-AK230 Command Injection |
|---|
| 설명 | As a leader in digital and AI solutions, H3C Group is committed to being a reliable partner for customer business innovation and digital transformation. However, a critical pre-authentication command execution vulnerability has been identified in the ACG1000-AK230 gateway, a network device under the H3C portfolio. The root cause lies in the application incorporating unsanitized user input directly into system commands. Exploiting this flaw, attackers can execute arbitrary operating system commands to gain full server control without authorization. If successfully exploited, this vulnerability could lead to the theft or modification of sensitive data (such as configuration files and credentials). The server may be remotely hijacked to become a "zombie" or mining rig. Furthermore, it may facilitate lateral movement into the internal network, potentially paralyzing the entire corporate infrastructure and causing catastrophic consequences for business continuity and data security. |
|---|
| 원천 | ⚠️ https://github.com/leeyper/CVE/issues/1 |
|---|
| 사용자 | leeyper (UID 95962) |
|---|
| 제출 | 2026. 02. 27. AM 06:26 (1 월 ago) |
|---|
| 모더레이션 | 2026. 03. 11. AM 07:35 (12 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 350353 [H3C ACG1000-AK230 까지 20260227 ?aaa_portal_auth_local_submit suffix 권한 상승] |
|---|
| 포인트들 | 20 |
|---|