
CVE-2024-42638
https://notcve.org/view.php?id=CVE-2024-42638
16 Aug 2024 — H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. • https://palm-vertebra-fe9.notion.site/H3C-Magic-B1STV100R012-was-discovered-to-contain-a-hardcoded-2a648569ee7f4df8b570632d11032337?pvs=74 • CWE-798: Use of Hard-coded Credentials •

CVE-2024-42639
https://notcve.org/view.php?id=CVE-2024-42639
16 Aug 2024 — H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root. • https://palm-vertebra-fe9.notion.site/H3C-GR1100-PV100R009-was-discovered-to-contain-a-hardcoded-824141daa44f4c52a914860c6e4a7684 • CWE-259: Use of Hard-coded Password •

CVE-2024-40516
https://notcve.org/view.php?id=CVE-2024-40516
16 Jul 2024 — An issue in H3C Technologies Co., Limited H3C Magic RC3000 RC3000V100R009 allows a remote attacker to execute arbitrary code via the Routing functionality. • https://gist.github.com/as-lky/2acc62c6283c7a1fe3af046b05091d15 • CWE-940: Improper Verification of Source of a Communication Channel •

CVE-2024-38902
https://notcve.org/view.php?id=CVE-2024-38902
24 Jun 2024 — H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. • https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/H3C/Magic%20R230/hardcode/README.md • CWE-259: Use of Hard-coded Password •

CVE-2024-38903
https://notcve.org/view.php?id=CVE-2024-38903
24 Jun 2024 — H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands. • https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/H3C/Magic%20R230/UDPserver_97F/README.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2024-33335
https://notcve.org/view.php?id=CVE-2024-33335
20 Jun 2024 — SQL Injection vulnerability in H3C technology company SeaSQL DWS V2.0 allows a remote attacker to execute arbitrary code via a crafted file. • https://gist.github.com/vrhappy/08cb4c8721eed8a74fe786ecdff1ec1e • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-32238
https://notcve.org/view.php?id=CVE-2024-32238
22 Apr 2024 — H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface. • https://github.com/FuBoLuSec/CVE-2024-32238 • CWE-522: Insufficiently Protected Credentials •

CVE-2023-5142 – H3C ER6300G2 Config File userLogin.asp path traversal
https://notcve.org/view.php?id=CVE-2023-5142
24 Sep 2023 — A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. • https://github.com/kuangxiaotu/CVE-H3C-Report • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2023-34928
https://notcve.org/view.php?id=CVE-2023-34928
28 Jun 2023 — A stack overflow in the Edit_BasicSSID function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. • https://github.com/h4kuy4/vuln/blob/main/H3C_B1STW/CVE-2023-34928.md • CWE-787: Out-of-bounds Write •

CVE-2023-34929
https://notcve.org/view.php?id=CVE-2023-34929
28 Jun 2023 — A stack overflow in the AddMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. • https://github.com/h4kuy4/vuln/blob/main/H3C_B1STW/CVE-2023-34929.md • CWE-787: Out-of-bounds Write •