H3c
Products
7- 7 CVEs
- 6 CVEs
- 3 CVEs
- 3 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
20| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-52765 | Cri | 0.65 | 9.8 | 0.11 | Nov 20, 2024 | H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter. | ||
| CVE-2025-6090 | Hig | 0.57 | 8.8 | 0.01 | Jun 15, 2025 | A vulnerability was found in H3C GR-5400AX V100R009L50 and classified as critical. This issue affects the function UpdateWanparamsMulti/UpdateIpv6params of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack may be… | ||
| CVE-2025-5156 | Hig | 0.57 | 8.8 | 0.01 | May 25, 2025 | A vulnerability was found in H3C GR-5400AX up to 100R008 and classified as critical. Affected by this issue is the function EditWlanMacList of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack may be launched remotely.… | ||
| CVE-2025-2725 | Hig | 0.53 | 8.0 | 0.09 | Mar 25, 2025 | A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this vulnerability is an unknown functionality of the file /api/login/auth of the component HTTP POST Request Handler. The… | ||
| CVE-2025-4446 | Hig | 0.52 | 8.0 | 0.01 | May 9, 2025 | A vulnerability has been found in H3C GR-5400AX up to 100R008 and classified as critical. This vulnerability affects the function Edit_List_SSID of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack needs to be approached within… | ||
| CVE-2025-4440 | Hig | 0.52 | 8.0 | 0.01 | May 8, 2025 | A vulnerability was found in H3C GR-1800AX up to 100R008 and classified as critical. Affected by this issue is the function EnableIpv6 of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. Access to the local network is required for this… | ||
| CVE-2025-3546 | Hig | 0.52 | 8.0 | 0.02 | Apr 14, 2025 | A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getLanguage of the… | ||
| CVE-2025-3545 | Hig | 0.52 | 8.0 | 0.01 | Apr 14, 2025 | A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/setLanguage of the component HTTP POST… | ||
| CVE-2025-3544 | Hig | 0.52 | 8.0 | 0.01 | Apr 14, 2025 | A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getCapabilityWeb of the component HTTP… | ||
| CVE-2025-2732 | Hig | 0.52 | 8.0 | 0.01 | Mar 25, 2025 | A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request… | ||
| CVE-2025-2730 | Hig | 0.52 | 8.0 | 0.01 | Mar 25, 2025 | A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is an unknown function of the file /api/wizard/getssidname of the component HTTP POST Request Handler. The… | ||
| CVE-2025-2726 | Hig | 0.52 | 8.0 | 0.01 | Mar 25, 2025 | A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this issue is some unknown functionality of the file /api/esps of the component HTTP POST Request Handler.… | ||
| CVE-2025-5162 | Med | 0.41 | 6.3 | 0.00 | May 26, 2025 | A vulnerability, which was classified as critical, has been found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected by this issue is some unknown functionality of the file /safeEvent/importFile/. The manipulation of the argument logGeneralFile/logGeneralFile_2 leads to… | ||
| CVE-2023-2676 | Med | 0.36 | 5.5 | 0.01 | May 12, 2023 | A vulnerability, which was classified as critical, has been found in H3C R160 V1004004. Affected by this issue is some unknown functionality of the file /goForm/aspForm. The manipulation of the argument go leads to stack-based buffer overflow. The exploit has been disclosed to… | ||
| CVE-2025-5161 | Med | 0.28 | 4.3 | 0.01 | May 26, 2025 | A vulnerability classified as problematic was found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected by this vulnerability is the function operationDailyOut of the file /safeEvent/download. The manipulation of the argument filename leads to path traversal. The attack can… | ||
| CVE-2025-5160 | Med | 0.28 | 4.3 | 0.01 | May 26, 2025 | A vulnerability classified as problematic has been found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected is the function Download of the file /packetCaptureStrategy/download. The manipulation of the argument Name leads to path traversal. It is possible to launch the… | ||
| CVE-2025-5159 | Med | 0.28 | 4.3 | 0.01 | May 26, 2025 | A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been rated as problematic. This issue affects the function Download of the file /cfgFile/1/download. The manipulation of the argument Name leads to path traversal. The attack may be initiated… | ||
| CVE-2025-5158 | Med | 0.28 | 4.3 | 0.01 | May 25, 2025 | A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been declared as problematic. This vulnerability affects the function downloadSoftware of the file /cfgFile/downloadSoftware. The manipulation of the argument filename leads to path traversal. The… | ||
| CVE-2025-5157 | Med | 0.28 | 4.3 | 0.01 | May 25, 2025 | A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been classified as critical. This affects the function fileContent of the file /cfgFile/fileContent. The manipulation of the argument filePath leads to path traversal. It is possible to initiate the… | ||
| CVE-2023-5142 | Low | 0.24 | 3.7 | 0.02 | Sep 24, 2023 | A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file… |
- risk 0.65cvss 9.8epss 0.11
H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter.
- risk 0.57cvss 8.8epss 0.01
A vulnerability was found in H3C GR-5400AX V100R009L50 and classified as critical. This issue affects the function UpdateWanparamsMulti/UpdateIpv6params of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack may be…
- risk 0.57cvss 8.8epss 0.01
A vulnerability was found in H3C GR-5400AX up to 100R008 and classified as critical. Affected by this issue is the function EditWlanMacList of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack may be launched remotely.…
- risk 0.53cvss 8.0epss 0.09
A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this vulnerability is an unknown functionality of the file /api/login/auth of the component HTTP POST Request Handler. The…
- risk 0.52cvss 8.0epss 0.01
A vulnerability has been found in H3C GR-5400AX up to 100R008 and classified as critical. This vulnerability affects the function Edit_List_SSID of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack needs to be approached within…
- risk 0.52cvss 8.0epss 0.01
A vulnerability was found in H3C GR-1800AX up to 100R008 and classified as critical. Affected by this issue is the function EnableIpv6 of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. Access to the local network is required for this…
- risk 0.52cvss 8.0epss 0.02
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getLanguage of the…
- risk 0.52cvss 8.0epss 0.01
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/setLanguage of the component HTTP POST…
- risk 0.52cvss 8.0epss 0.01
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getCapabilityWeb of the component HTTP…
- risk 0.52cvss 8.0epss 0.01
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request…
- risk 0.52cvss 8.0epss 0.01
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is an unknown function of the file /api/wizard/getssidname of the component HTTP POST Request Handler. The…
- risk 0.52cvss 8.0epss 0.01
A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this issue is some unknown functionality of the file /api/esps of the component HTTP POST Request Handler.…
- risk 0.41cvss 6.3epss 0.00
A vulnerability, which was classified as critical, has been found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected by this issue is some unknown functionality of the file /safeEvent/importFile/. The manipulation of the argument logGeneralFile/logGeneralFile_2 leads to…
- risk 0.36cvss 5.5epss 0.01
A vulnerability, which was classified as critical, has been found in H3C R160 V1004004. Affected by this issue is some unknown functionality of the file /goForm/aspForm. The manipulation of the argument go leads to stack-based buffer overflow. The exploit has been disclosed to…
- risk 0.28cvss 4.3epss 0.01
A vulnerability classified as problematic was found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected by this vulnerability is the function operationDailyOut of the file /safeEvent/download. The manipulation of the argument filename leads to path traversal. The attack can…
- risk 0.28cvss 4.3epss 0.01
A vulnerability classified as problematic has been found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected is the function Download of the file /packetCaptureStrategy/download. The manipulation of the argument Name leads to path traversal. It is possible to launch the…
- risk 0.28cvss 4.3epss 0.01
A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been rated as problematic. This issue affects the function Download of the file /cfgFile/1/download. The manipulation of the argument Name leads to path traversal. The attack may be initiated…
- risk 0.28cvss 4.3epss 0.01
A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been declared as problematic. This vulnerability affects the function downloadSoftware of the file /cfgFile/downloadSoftware. The manipulation of the argument filename leads to path traversal. The…
- risk 0.28cvss 4.3epss 0.01
A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been classified as critical. This affects the function fileContent of the file /cfgFile/fileContent. The manipulation of the argument filePath leads to path traversal. It is possible to initiate the…
- risk 0.24cvss 3.7epss 0.02
A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file…