CVE-2026-9393

A vulnerability was found in H3C Magic B0 up to 100R002. This affects the function EditBasicSSID5G of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used. The...

EUVD-2026-23684

A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function EditBasicSSID of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed public...

CVE-2026-6560

A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function EditBasicSSID of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed public...

CVE-2026-3943

A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaaportalauthlocalsubmit. The manipulation of the argument suffix results in command injection. The attack can be launched remotely. The exploit has been made public and could be used...

CVE-2025-60262

An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsftpd. Through this vulnerability, all files uploaded anonymously via the FTP protocol is automatically owned by the root user and remote...

EUVD-2022-39225

Malicious code in bioql PyPI...

CVE-2025-57295

H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to insecure default credentials. The root user account has no password set, and the H3C user account uses the default password "admin," both stored in the /etc/shadow file. Attackers with network access ca...

CVE-2025-57577

An issue in H3C Device R365V300R004 allows a remote attacker to execute arbitrary code via the default password. NOTE: the Supplier's position is that their "product lines enforce or clearly prompt users to change any initial credentials upon first use. At most, this would be a case of...

CVE-2025-57577

An issue in H3C Device R365V300R004 allows a remote attacker to execute arbitrary code via the default password. NOTE: the Supplier's position is that their "product lines enforce or clearly prompt users to change any initial credentials upon first use. At most, this would be a case of...

CVE-2025-57577

CVE-2025-57577 affects H3C Device R365V300R004, where remote attackers could execute arbitrary code via the default password. The issue stems from not changing initial credentials, enabling code execution over the network. Practical impact is high: full system compromise if exploited. Remediation...

CVE-2025-57578

An issue in H3C Magic M Device M2V100R006 allows a remote attacker to execute arbitrary code via the default password...

CVE-2025-57577

An issue in H3C Device R365V300R004 allows a remote attacker to execute arbitrary code via the default password. NOTE: the Supplier's position is that their "product lines enforce or clearly prompt users to change any initial credentials upon first use. At most, this would be a case of...

PT-2025-37335

Name of the Vulnerable Software and Affected Versions: H3C Device versions R365V300R004 Description: An issue in H3C Device R365V300R004 allows a remote attacker to execute arbitrary code via the default password. Recommendations: Change the default password for H3C Device version R365V300R004...

CVE-2025-8907 H3C M2 NAS Webserver Configuration unnecessary privileges

A vulnerability was found in H3C M2 NAS V100R006. Affected by this vulnerability is an unknown functionality of the component Webserver Configuration. The manipulation leads to execution with unnecessary privileges. An attack has to be approached locally. The complexity of an attack is rather hig...

CVE-2023-24093

An access control issue in H3C A210-G A210-GV100R005 allows attackers to authenticate without a password...

CVE-2022-37070

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList...

CVE-2022-36513

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function edditactionlist...

CVE-2022-36515

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function addactionlist...

CVE-2022-36501

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateSnat...

CVE-2024-57473

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to...