CVE-2025-61330

A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...

CVE-2025-61330

A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...

CVE-2025-61330

CVE-2025-61330 affects H3C Magic-branded devices. The root cause is a hard-coded weak password (or no password) for the root account in /etc/shadow, with Telnet enabled by default or user-enabled, and Virtual Servers exposing devices to the public network. This enables remote attacker access to r...

CVE-2025-61330

A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...

EUVD-2025-10853

Malicious code in bioql PyPI...

CVE-2025-3539

A vulnerability classified as critical has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected is the function FCGICheckStringIfContainsSemicolon of the file /api/wizard/getBasicInfo of the component HTTP POST Request Handler. The...

CVE-2025-3541

A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this issue is the function FCGIWizardProtoProcess of the file /api/wizard/getSpecs of the component HTTP POST Request Handler. The...

CVE-2025-3546

The CVE-2025-3546 entry concerns H3C Magic NX15, NX30 Pro, NX400, R3010, and BE18000 up to V100R014. Affects the function FCGI_CheckStringIfContainsSemicolon in the HTTP POST Request Handler’s /api/wizard/getLanguage. Root cause is command injection via this function, with exploitation feasible o...

CVE-2025-3545 H3C Magic BE18000 HTTP POST Request setLanguage FCGI_CheckStringIfContainsSemicolon command injection

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is the function FCGICheckStringIfContainsSemicolon of the file /api/wizard/setLanguage of the component HTTP POST Request Handler. T...

CVE-2025-3545 H3C Magic BE18000 HTTP POST Request setLanguage FCGI_CheckStringIfContainsSemicolon command injection

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is the function FCGICheckStringIfContainsSemicolon of the file /api/wizard/setLanguage of the component HTTP POST Request Handler. T...

CVE-2025-3545

The CVE-2025-3545 vulnerability affects H3C Magic NX15, NX30 Pro, NX400, R3010 and BE18000 up to V100R014. The flaw is in FCGI_CheckStringIfContainsSemicolon within the /api/wizard/setLanguage HTTP POST Request Handler, enabling command injection from within the local network. Multiple sources co...

CVE-2025-3544

The CVE-2025-3544 vulnerability affects H3C Magic NX15, NX30 Pro, NX400, R3010, and BE18000 devices up to version V100R014. It targets the FCGI_CheckStringIfContainsSemicolon function in the HTTP POST Request Handler, specifically in /api/wizard/getCapabilityWeb, enabling command injection. An at...

CVE-2025-3544 H3C Magic BE18000 HTTP POST Request getCapabilityWeb FCGI_CheckStringIfContainsSemicolon command injection

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects the function FCGICheckStringIfContainsSemicolon of the file /api/wizard/getCapabilityWeb of the component HTTP POST Request Handler...

CVE-2025-3542

A vulnerability, which was classified as critical, was found in H3C Magic NX15, Magic NX400 and Magic R3010 up to V100R014. This affects the function FCGIWizardProtoProcess of the file /api/wizard/getsyncpppoecfg of the component HTTP POST Request Handler. The manipulation leads to command...

CVE-2025-3542 H3C Magic NX15/Magic NX400/Magic R3010 HTTP POST Request getsyncpppoecfg FCGI_WizardProtoProcess command injection

A vulnerability, which was classified as critical, was found in H3C Magic NX15, Magic NX400 and Magic R3010 up to V100R014. This affects the function FCGIWizardProtoProcess of the file /api/wizard/getsyncpppoecfg of the component HTTP POST Request Handler. The manipulation leads to command...

CVE-2025-3541 H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getSpecs FCGI_WizardProtoProcess command injection

A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this issue is the function FCGIWizardProtoProcess of the file /api/wizard/getSpecs of the component HTTP POST Request Handler. The...

CVE-2025-3539 H3C Magic BE18000 HTTP POST Request getBasicInfo FCGI_CheckStringIfContainsSemicolon command injection

A vulnerability classified as critical has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected is the function FCGICheckStringIfContainsSemicolon of the file /api/wizard/getBasicInfo of the component HTTP POST Request Handler. The...

PT-2025-16189 · H3C · H3C Magic Be18000 +4

Name of the Vulnerable Software and Affected Versions: H3C Magic NX15 versions up to V100R014 H3C Magic NX30 Pro versions up to V100R014 H3C Magic NX400 versions up to V100R014 H3C Magic R3010 versions up to V100R014 H3C Magic BE18000 versions up to V100R014 Description: A critical vulnerability...

CVE-2025-2729

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects some unknown processing of the file /api/wizard/networkSetup of the component HTTP POST Request Handler. The manipulation leads to...

CVE-2025-2732 H3C Magic BE18000 HTTP POST Request getWifiNeighbour command injection

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request Handler. The...