CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 1CVE-2025-2732 – H3C Magic BE18000 HTTP POST Request getWifiNeighbour command injection
https://notcve.org/view.php?id=CVE-2025-2732
25 Mar 2025 — A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack may be launched remotely. • https://github.com/Qwen11/CVE_store/blob/main/H3C/vulnerability%20Information_4.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 1CVE-2025-2731 – H3C Magic BE18000 HTTP POST Request getDualbandSync command injection
https://notcve.org/view.php?id=CVE-2025-2731
25 Mar 2025 — A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/wizard/getDualbandSync of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can be launched remotely. • https://github.com/Qwen11/CVE_store/blob/main/H3C/vulnerability%20Information_3.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 1CVE-2025-2730 – H3C Magic BE18000 HTTP POST Request getssidname command injection
https://notcve.org/view.php?id=CVE-2025-2730
25 Mar 2025 — A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is an unknown function of the file /api/wizard/getssidname of the component HTTP POST Request Handler. The manipulation leads to command injection. It is possible to launch the attack remotely. • https://github.com/Qwen11/CVE_store/blob/main/H3C/vulnerability%20Information_2.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 1CVE-2025-2729 – H3C Magic BE18000 HTTP POST Request networkSetup command injection
https://notcve.org/view.php?id=CVE-2025-2729
25 Mar 2025 — A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects some unknown processing of the file /api/wizard/networkSetup of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Qwen11/CVE_store/blob/main/H3C/vulnerability%20Information_1.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2025-2728 – H3C Magic NX30 Pro/Magic NX400 getNetworkConf command injection
https://notcve.org/view.php?id=CVE-2025-2728
25 Mar 2025 — A vulnerability has been found in H3C Magic NX30 Pro and Magic NX400 up to V100R014 and classified as critical. This vulnerability affects unknown code of the file /api/wizard/getNetworkConf. The manipulation leads to command injection. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. • https://github.com/RK1Y8/cve_cve/blob/main/h3c.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 1CVE-2025-2727 – H3C Magic NX30 Pro HTTP POST Request getNetworkStatus command injection
https://notcve.org/view.php?id=CVE-2025-2727
25 Mar 2025 — A vulnerability, which was classified as critical, was found in H3C Magic NX30 Pro up to V100R007. This affects an unknown part of the file /api/wizard/getNetworkStatus of the component HTTP POST Request Handler. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ggstrunk/CVE/blob/main/wizard_getNetworkStatus.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 1CVE-2025-2726 – H3C Magic BE18000 HTTP POST Request esps command injection
https://notcve.org/view.php?id=CVE-2025-2726
25 Mar 2025 — A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this issue is some unknown functionality of the file /api/esps of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ZIKH26/CVE-information/blob/master/H3C/Vulnerability%20Information_2.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 1CVE-2025-2725 – H3C Magic BE18000 HTTP POST Request auth command injection
https://notcve.org/view.php?id=CVE-2025-2725
25 Mar 2025 — A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this vulnerability is an unknown functionality of the file /api/login/auth of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ZIKH26/CVE-information/blob/master/H3C/Vulnerability%20Information_1.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42638
https://notcve.org/view.php?id=CVE-2024-42638
16 Aug 2024 — H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. • https://palm-vertebra-fe9.notion.site/H3C-Magic-B1STV100R012-was-discovered-to-contain-a-hardcoded-2a648569ee7f4df8b570632d11032337?pvs=74 • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38902
https://notcve.org/view.php?id=CVE-2024-38902
24 Jun 2024 — H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. Se descubrió que H3C Magic R230 V100R002 contiene una vulnerabilidad de contraseña codificada en /etc/shadow, que permite a los atacantes iniciar sesión como root. • https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/H3C/Magic%20R230/hardcode/README.md • CWE-259: Use of Hard-coded Password •