| Название | H3C Technologies ACG1000-AK230 ACG1000-AK230 Command Injection |
|---|
| Описание | As a leader in digital and AI solutions, H3C Group is committed to being a reliable partner for customer business innovation and digital transformation. However, a critical pre-authentication command execution vulnerability has been identified in the ACG1000-AK230 gateway, a network device under the H3C portfolio. The root cause lies in the application incorporating unsanitized user input directly into system commands. Exploiting this flaw, attackers can execute arbitrary operating system commands to gain full server control without authorization. If successfully exploited, this vulnerability could lead to the theft or modification of sensitive data (such as configuration files and credentials). The server may be remotely hijacked to become a "zombie" or mining rig. Furthermore, it may facilitate lateral movement into the internal network, potentially paralyzing the entire corporate infrastructure and causing catastrophic consequences for business continuity and data security. |
|---|
| Источник | ⚠️ https://github.com/leeyper/CVE/issues/1 |
|---|
| Пользователь | leeyper (UID 95962) |
|---|
| Представление | 27.02.2026 06:26 (1 месяц назад) |
|---|
| Модерация | 11.03.2026 07:35 (12 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 350353 [H3C ACG1000-AK230 до 20260227 ?aaa_portal_auth_local_submit suffix эскалация привилегий] |
|---|
| Баллы | 20 |
|---|