3 matches found
CVE-2022-50800
The CVE-2022-50800 entry concerns H3C SSL VPN, where the login_submit.cgi endpoint’s txtUsrName POST parameter enables user enumeration. Attackers can submit multiple usernames and compare response messages to distinguish existing vs. non-existing accounts, indicating a confidentiality impact and...
PT-2022-23413 · H3C · H3C Magic Nx18 Plus
Name of the Vulnerable Software and Affected Versions: H3C Magic NX18 Plus version NX18PV100R003 Description: A stack overflow issue was discovered via the function UpdateIpv6Params. Recommendations: For version NX18PV100R003, consider disabling the UpdateIpv6Params function as a temporary...
CVE-2022-34607
H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the HOST parameter at /doping.asp...