CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52765
https://notcve.org/view.php?id=CVE-2024-52765
20 Nov 2024 — H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter. • http://tjr181.com/2024/11/08/H3C%20GR-1800AX • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 30EXPL: 3CVE-2023-5142 – H3C ER6300G2 Config File userLogin.asp path traversal
https://notcve.org/view.php?id=CVE-2023-5142
24 Sep 2023 — A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. • https://github.com/kuangxiaotu/CVE-H3C-Report • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •