| Title | H3C Technologies Co., Ltd. H3C Magic NX30 Pro\H3C NX400 <=V100R014 Remote command execution |
|---|
| Description | In the `H3C Magic` series products, `H3C Magic NX30 Pro` and `H3C NX400` allow an attacker to send a specially crafted `POST` request to the `/api/wizard/getNetworkConf` route without authorization, enabling remote code execution with the highest privileges. |
|---|
| Source | ⚠️ https://github.com/RK1Y8/cve_cve/blob/main/h3c.md |
|---|
| User | xiaopolanzi (UID 82791) |
|---|
| Submission | 03/14/2025 09:23 (1 Year ago) |
|---|
| Moderation | 03/24/2025 13:59 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 300748 [H3C Magic NX30 Pro/Magic NX400 up to V100R014 getNetworkConf command injection] |
|---|
| Points | 17 |
|---|