| Title | H3C GR series router system management has unauthorized access vulnerability |
|---|
| Description | The H3C GR series router is a router product of Xinhua San Technology Co., Ltd. There is an unauthorized access vulnerability in the H3C GR series system management, which can be exploited by attackers to construct special request packets to bypass identity verification and obtain sensitive information of routers.
Due to security issues, the following is a list of partial URLs for GR series routers. For specific replication steps, please refer to the reference link:
GR3200:
http://x.x.x.x:8989/
http://x.x.x.x:8989
http://x.x.x.x:8989/
GR5200:
http://x.x.x.x:8989/
http://x.x.x.x:8989/
GR-1200W:
http:// x.x.x.x:9000/
http://x.x.x.x:8989/
GR-1800AX:
http://x.x.x.x:8989/
https://x.x.x.x:1024/
GR8300:
http://x.x.x.x:8688/
http://x.x.x.x:8989/
GR1108-P:
https://x.x.x.x:8989/
http://x.x.x.x:8989/
GR2200:
http://x.x.x.x:8081/
http://x.x.x.x:8989/
GR1100-P:
http://x.x.x.x:9995/
http://x.x.x.x:8989/
|
|---|
| Source | ⚠️ https://github.com/yinsel/CVE-H3C-Report |
|---|
| User | yinsel975 (UID 54073) |
|---|
| Submission | 09/07/2023 17:23 (3 years ago) |
|---|
| Moderation | 09/24/2023 16:06 (17 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 240238 [H3C ER6300G2 up to 20230908 Config File /userLogin.asp path traversal] |
|---|
| Points | 20 |
|---|