| 标题 | H3C Technologies Co., Ltd. H3C Magic NX15\H3C NX400\H3C Magic R3010\H3C Magic BE18000\H3C Magic NX30 Pro <=V100R014 (Taking NX15 as an example.) Remote command execution |
|---|
| 描述 | In the H3C Magic series products, including H3C Magic NX15, H3C NX400, H3C Magic R3010, H3C Magic BE18000, and H3C Magic NX30 Pro, an attacker can send a specially crafted POST packet to the /api/wizard/getDualbandSync route without authorization, allowing them to obtain the highest privileges on the device. |
|---|
| 来源 | ⚠️ https://github.com/Qwen11/CVE_store/blob/main/H3C/vulnerability%20Information_3.md |
|---|
| 用户 | Qwen (UID 82796) |
|---|
| 提交 | 2025-03-14 10時46分 (1 年前) |
|---|
| 管理 | 2025-03-24 13時59分 (10 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 300751 [H3C Magic BE18000 直到 V100R014 HTTP POST Request getDualbandSync 权限提升] |
|---|
| 积分 | 17 |
|---|