3632 matches found
CVE-2025-3540
CVE-2025-3540 affects H3C Magic NX15, NX30 Pro, NX400 and R3010 up to V100R014. The vulnerability is in the function FCGI_WizardProtoProcess of the HTTP POST endpoint /api/wizard/getCapability , enabling command injection via the POST request. Impact is described as local-network only, with compl...
CVE-2025-3539 H3C Magic BE18000 HTTP POST Request getBasicInfo FCGI_CheckStringIfContainsSemicolon command injection
A vulnerability classified as critical has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected is the function FCGICheckStringIfContainsSemicolon of the file /api/wizard/getBasicInfo of the component HTTP POST Request Handler. The...
CVE-2025-3539
CVE-2025-3539 - Technical summary (mode C) Affected products: H3C Magic NX15, NX30 Pro, NX400, R3010, BE18000 up to version V100R014. The vulnerability resides in the function FCGI_CheckStringIfContainsSemicolon of the file "/api/wizard/getBasicInfo" within the HTTP POST Request Handler . Root ca...
PT-2025-16189 · H3C · H3C Magic Be18000 +4
Name of the Vulnerable Software and Affected Versions: H3C Magic NX15 versions up to V100R014 H3C Magic NX30 Pro versions up to V100R014 H3C Magic NX400 versions up to V100R014 H3C Magic R3010 versions up to V100R014 H3C Magic BE18000 versions up to V100R014 Description: A critical vulnerability...
CVE-2025-2732
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request Handler. The...
CVE-2025-2731
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/wizard/getDualbandSync of the component HTTP POST Request Handler...
CVE-2025-2729
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects some unknown processing of the file /api/wizard/networkSetup of the component HTTP POST Request Handler. The manipulation leads to...
CVE-2025-2726
A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this issue is some unknown functionality of the file /api/esps of the component HTTP POST Request Handler. The manipulation...
CVE-2025-2717
A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. This issue affects the function sub41710C of the file /goform/diagnslookup of the component HTTP POST Request Handler. The manipulation of the argument targetaddr leads to os command injection. The...
Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
Sitecore CMS and Experience Platform XP contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter CSRFTOKEN...
CVE-2025-2732
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request Handler. The...
CVE-2025-2732 H3C Magic BE18000 HTTP POST Request getWifiNeighbour command injection
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request Handler. The...
CVE-2025-2732 H3C Magic BE18000 HTTP POST Request getWifiNeighbour command injection
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request Handler. The...
CVE-2025-2731 H3C Magic BE18000 HTTP POST Request getDualbandSync command injection
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/wizard/getDualbandSync of the component HTTP POST Request Handler...
CVE-2025-2731
The CVE-2025-2731 vulnerability affects H3C Magic NX15, NX30 Pro, NX400, R3010, and BE18000 up to V100R014. It resides in the HTTP POST Request Handler function at /api/wizard/getDualbandSync, where an input manipulation enables command injection. Impact is local-network only, with high severity ...
CVE-2025-2725
A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this vulnerability is an unknown functionality of the file /api/login/auth of the component HTTP POST Request Handler. The manipulation leads ...
CVE-2025-2726
A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this issue is some unknown functionality of the file /api/esps of the component HTTP POST Request Handler. The manipulation...
CVE-2025-2730 H3C Magic BE18000 HTTP POST Request getssidname command injection
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is an unknown function of the file /api/wizard/getssidname of the component HTTP POST Request Handler. The manipulation leads to...
CVE-2025-2730 H3C Magic BE18000 HTTP POST Request getssidname command injection
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is an unknown function of the file /api/wizard/getssidname of the component HTTP POST Request Handler. The manipulation leads to...
CVE-2025-2729 H3C Magic BE18000 HTTP POST Request networkSetup command injection
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects some unknown processing of the file /api/wizard/networkSetup of the component HTTP POST Request Handler. The manipulation leads to...