| Title | H3C Technologies Co., Ltd. H3C Magic NX30 Pro <=V100R007 Remote code execution |
|---|
| Description | In the H3C Magic series products, H3C Magic NX30 Pro and H3C NX400 allow an attacker to send a specially crafted POST request to the /api/wizard/getNetworkConf route without authorization, enabling remote code execution with the highest privileges. |
|---|
| Source | ⚠️ https://github.com/ggstrunk/CVE/blob/main/wizard_getNetworkStatus.md |
|---|
| User | trunk (UID 82786) |
|---|
| Submission | 03/14/2025 07:03 (1 Year ago) |
|---|
| Moderation | 03/24/2025 13:59 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 300747 [H3C Magic NX30 Pro up to V100R007 HTTP POST Request getNetworkStatus command injection] |
|---|
| Points | 16 |
|---|