| Title | H3C M2 V100R006 Misconfiguration |
|---|
| Description | In H3C M2 NAS (private cloud storage) V100R006, there is a insecure configuration vulnerability. The device sets both User and Group property in the boa webserver configuration file to root permissions. This violates the principle of least privilege. Any exploit in the web interface can immediately grant root access, leading to total device compromise. |
|---|
| Source | ⚠️ https://www.notion.so/23f54a1113e7804bae88e76f9fb0cf5b |
|---|
| User | TPCHECKER (UID 88463) |
|---|
| Submission | 07/29/2025 05:41 (11 months ago) |
|---|
| Moderation | 08/13/2025 07:54 (15 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 319861 [H3C M2 NAS V100R006 Webserver Configuration unnecessary privileges] |
|---|
| Points | 15 |
|---|