CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42639
https://notcve.org/view.php?id=CVE-2024-42639
16 Aug 2024 — H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root. • https://palm-vertebra-fe9.notion.site/H3C-GR1100-PV100R009-was-discovered-to-contain-a-hardcoded-824141daa44f4c52a914860c6e4a7684 • CWE-259: Use of Hard-coded Password •
CVSS: 5.3EPSS: 0%CPEs: 30EXPL: 3CVE-2023-5142 – H3C ER6300G2 Config File userLogin.asp path traversal
https://notcve.org/view.php?id=CVE-2023-5142
24 Sep 2023 — A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. • https://github.com/kuangxiaotu/CVE-H3C-Report • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •