Gửi #768850: H3C Technologies ACG1000-AK230 ACG1000-AK230 Command Injectionthông tin

tiêu đềH3C Technologies ACG1000-AK230 ACG1000-AK230 Command Injection
Mô tảAs a leader in digital and AI solutions, H3C Group is committed to being a reliable partner for customer business innovation and digital transformation. However, a critical pre-authentication command execution vulnerability has been identified in the ACG1000-AK230 gateway, a network device under the H3C portfolio. The root cause lies in the application incorporating unsanitized user input directly into system commands. Exploiting this flaw, attackers can execute arbitrary operating system commands to gain full server control without authorization. If successfully exploited, this vulnerability could lead to the theft or modification of sensitive data (such as configuration files and credentials). The server may be remotely hijacked to become a "zombie" or mining rig. Furthermore, it may facilitate lateral movement into the internal network, potentially paralyzing the entire corporate infrastructure and causing catastrophic consequences for business continuity and data security.
Nguồn⚠️ https://github.com/leeyper/CVE/issues/1
Người dùng
 leeyper (UID 95962)
Đệ trình27/02/2026 06:26 (cách đây 5 các tháng)
Kiểm duyệt11/03/2026 07:35 (12 days later)
Trạng tháiđược chấp nhận
Mục VulDB350353 [H3C ACG1000-AK230 đến 20260227 ?aaa_portal_auth_local_submit suffix nâng cao đặc quyền]
điểm20

Do you want to use VulDB in your project?

Use the official API to access entries easily!