VYPR
High severity 7.2 · NVD Advisory · Published May 17, 2026 · Updated May 18, 2026

CVE-2026-8764

Description

A security vulnerability has been detected in H3C Magic B3 up to 100R002. It affects the function UpdateWanParams of the file /goform/aspForm. Manipulating the argument param leads to a buffer overflow. The attack can be performed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Buffer overflow in H3C Magic B3 router's UpdateWanParams function via crafted param argument can lead to DoS or potential RCE.

Vulnerability

A buffer overflow vulnerability exists in H3C Magic B3 router firmware versions up to 100R002. The flaw is located in the UpdateWanParams function within the file /goform/aspForm. An initial length restriction limits the param argument to 512 bytes, but the function then copies it into a fixed 64-byte destination buffer without checking the length against that buffer. This inconsistency allows an attacker to overflow the buffer by sending a crafted input that exceeds the destination buffer size. [1]
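
The mismatch described above (a 512-byte request limit in front of a 64-byte buffer), next to a copy that checks the destination's real size, as an added C example. It is not H3C firmware code; copy_wan_param, REQ_PARAM_MAX, WAN_BUF_SIZE and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define REQ_PARAM_MAX 512 /* request-level limit described in the advisory */
#define WAN_BUF_SIZE   64 /* fixed destination buffer described in the advisory */

/* Pattern described above, shown only for contrast (never compiled):
 *   if (strlen(param) > REQ_PARAM_MAX) return -1;  // bound is the request limit
 *   strcpy(dst, param);                            // dst holds only 64 bytes
 */

/* Hardened copy (hypothetical helper, not H3C code). The check uses the
 * destination's real capacity. Returns 0 on success; returns -1 and leaves
 * dst empty when the input is missing or does not fit, since truncating a
 * configuration value silently would hide the problem. */
int copy_wan_param(char *dst, size_t dst_size, const char *param)
{
    const char *end;
    size_t len;

    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (param == NULL)
        return -1;
    /* Look for the terminator within dst_size bytes only. */
    end = memchr(param, '\0', dst_size);
    if (end == NULL)
        return -1; /* needs more than dst_size - 1 characters */
    len = (size_t)(end - param);
    memcpy(dst, param, len + 1); /* includes the terminator */
    return 0;
}

int main(void)
{
    char wan[WAN_BUF_SIZE];
    char oversized[REQ_PARAM_MAX + 1]; /* constructed input at the 512-byte limit */

    memset(oversized, 'A', REQ_PARAM_MAX);
    oversized[REQ_PARAM_MAX] = '\0';
    printf("short value: %d\n", copy_wan_param(wan, sizeof wan, "pppoe"));
    printf("512-byte value: %d\n", copy_wan_param(wan, sizeof wan, oversized));
    return 0;
}
```

The input that passes the 512-byte request check is still rejected here, because the bound that matters is the 64-byte destination.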

Exploitation

An attacker can exploit this vulnerability remotely without authentication. By sending a crafted HTTP POST request to /goform/aspForm with an overly long param value, the attacker triggers the buffer overflow. The proof-of-concept (PoC) has been publicly disclosed, demonstrating the ease of exploitation. [1]

Impact

Successful exploitation can cause a denial of service (DoS) due to memory corruption. Under specific circumstances, the overflow may be leveraged to achieve remote code execution (RCE), potentially allowing the attacker to gain full control of the device. [1]

Mitigation

The vendor, H3C, was contacted but did not respond, and no official patch or fix has been released as of the publication date. Users should consider restricting network access to the router's web interface, monitoring for unusual activity, or replacing the device if possible. [1]

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

0

No patches discovered yet.

References

4
