CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 1CVE-2025-2732 – H3C Magic BE18000 HTTP POST Request getWifiNeighbour command injection
https://notcve.org/view.php?id=CVE-2025-2732
25 Mar 2025 — A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack may be launched remotely. • https://github.com/Qwen11/CVE_store/blob/main/H3C/vulnerability%20Information_4.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 1CVE-2025-2731 – H3C Magic BE18000 HTTP POST Request getDualbandSync command injection
https://notcve.org/view.php?id=CVE-2025-2731
25 Mar 2025 — A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/wizard/getDualbandSync of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can be launched remotely. • https://github.com/Qwen11/CVE_store/blob/main/H3C/vulnerability%20Information_3.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 1CVE-2025-2730 – H3C Magic BE18000 HTTP POST Request getssidname command injection
https://notcve.org/view.php?id=CVE-2025-2730
25 Mar 2025 — A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is an unknown function of the file /api/wizard/getssidname of the component HTTP POST Request Handler. The manipulation leads to command injection. It is possible to launch the attack remotely. • https://github.com/Qwen11/CVE_store/blob/main/H3C/vulnerability%20Information_2.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 1CVE-2025-2729 – H3C Magic BE18000 HTTP POST Request networkSetup command injection
https://notcve.org/view.php?id=CVE-2025-2729
25 Mar 2025 — A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects some unknown processing of the file /api/wizard/networkSetup of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Qwen11/CVE_store/blob/main/H3C/vulnerability%20Information_1.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2025-2728 – H3C Magic NX30 Pro/Magic NX400 getNetworkConf command injection
https://notcve.org/view.php?id=CVE-2025-2728
25 Mar 2025 — A vulnerability has been found in H3C Magic NX30 Pro and Magic NX400 up to V100R014 and classified as critical. This vulnerability affects unknown code of the file /api/wizard/getNetworkConf. The manipulation leads to command injection. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. • https://github.com/RK1Y8/cve_cve/blob/main/h3c.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 1CVE-2025-2727 – H3C Magic NX30 Pro HTTP POST Request getNetworkStatus command injection
https://notcve.org/view.php?id=CVE-2025-2727
25 Mar 2025 — A vulnerability, which was classified as critical, was found in H3C Magic NX30 Pro up to V100R007. This affects an unknown part of the file /api/wizard/getNetworkStatus of the component HTTP POST Request Handler. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ggstrunk/CVE/blob/main/wizard_getNetworkStatus.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 1CVE-2025-2726 – H3C Magic BE18000 HTTP POST Request esps command injection
https://notcve.org/view.php?id=CVE-2025-2726
25 Mar 2025 — A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this issue is some unknown functionality of the file /api/esps of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ZIKH26/CVE-information/blob/master/H3C/Vulnerability%20Information_2.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 1CVE-2025-2725 – H3C Magic BE18000 HTTP POST Request auth command injection
https://notcve.org/view.php?id=CVE-2025-2725
25 Mar 2025 — A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this vulnerability is an unknown functionality of the file /api/login/auth of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ZIKH26/CVE-information/blob/master/H3C/Vulnerability%20Information_1.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52765
https://notcve.org/view.php?id=CVE-2024-52765
20 Nov 2024 — H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter. • http://tjr181.com/2024/11/08/H3C%20GR-1800AX • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42637
https://notcve.org/view.php?id=CVE-2024-42637
16 Aug 2024 — H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. • https://palm-vertebra-fe9.notion.site/H3C-R3010V100R002L02-was-discovered-to-contain-a-hardcoded-d3212602f84443d4b17e3247b3e6b129 • CWE-798: Use of Hard-coded Credentials •