Gửi #837069: H3C NX15 V100R017 Incorrect Access Controlthông tin

tiêu đềH3C NX15 V100R017 Incorrect Access Control
Mô tảH3C Magic NX15 firmware NX15V100R017 contains an improper authentication vulnerability in the administrator password modification endpoint. The POST /api/login/modify endpoint is reachable before authentication and is forwarded to the esps.system changepasswd backend without validating the HTTP_AUTHENTICATION session header. A remote attacker who can access the web management interface can send an unauthenticated request to POST /api/login/modify and change the administrator password to an attacker-controlled value. After that, the attacker can log in with the new password, obtain a valid administrator session, and access protected management APIs. The issue was verified on H3C NX15 R017. A request to POST /api/login/modify with {"newPass":"TmpPass123!"} returned {"code":0}, and a subsequent login to POST /api/login/auth with the new password returned a valid session token. Successful exploitation may lead to full device takeover.
Nguồn⚠️ https://github.com/coconut652-7/IOT_Vul_Public/tree/main/H3C/NX15R017/pre_auth_pwd_change
Người dùng
 coconut (UID 98382)
Đệ trình26/05/2026 04:07 (cách đây 2 các tháng)
Kiểm duyệt11/07/2026 11:56 (2 months later)
Trạng tháiđược chấp nhận
Mục VulDB377785 [H3C NX15 V100R017 Administrator Password Modification Endpoint /api/login/modify change_passwd newPass nâng cao đặc quyền]
điểm20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!