24 matches found
EUVD-2025-10853
Malicious code in bioql PyPI...
CVE-2025-3539
A vulnerability classified as critical has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected is the function FCGICheckStringIfContainsSemicolon of the file /api/wizard/getBasicInfo of the component HTTP POST Request Handler. The...
CVE-2025-3541
A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this issue is the function FCGIWizardProtoProcess of the file /api/wizard/getSpecs of the component HTTP POST Request Handler. The...
CVE-2025-3546
The CVE-2025-3546 entry concerns H3C Magic NX15, NX30 Pro, NX400, R3010, and BE18000 up to V100R014. Affects the function FCGI_CheckStringIfContainsSemicolon in the HTTP POST Request Handler’s /api/wizard/getLanguage. Root cause is command injection via this function, with exploitation feasible o...
CVE-2025-3545 H3C Magic BE18000 HTTP POST Request setLanguage FCGI_CheckStringIfContainsSemicolon command injection
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is the function FCGICheckStringIfContainsSemicolon of the file /api/wizard/setLanguage of the component HTTP POST Request Handler. T...
CVE-2025-3545 H3C Magic BE18000 HTTP POST Request setLanguage FCGI_CheckStringIfContainsSemicolon command injection
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is the function FCGICheckStringIfContainsSemicolon of the file /api/wizard/setLanguage of the component HTTP POST Request Handler. T...
CVE-2025-3545
The CVE-2025-3545 vulnerability affects H3C Magic NX15, NX30 Pro, NX400, R3010 and BE18000 up to V100R014. The flaw is in FCGI_CheckStringIfContainsSemicolon within the /api/wizard/setLanguage HTTP POST Request Handler, enabling command injection from within the local network. Multiple sources co...
CVE-2025-3544 H3C Magic BE18000 HTTP POST Request getCapabilityWeb FCGI_CheckStringIfContainsSemicolon command injection
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects the function FCGICheckStringIfContainsSemicolon of the file /api/wizard/getCapabilityWeb of the component HTTP POST Request Handler...
CVE-2025-3544
The CVE-2025-3544 vulnerability affects H3C Magic NX15, NX30 Pro, NX400, R3010, and BE18000 devices up to version V100R014. It targets the FCGI_CheckStringIfContainsSemicolon function in the HTTP POST Request Handler, specifically in /api/wizard/getCapabilityWeb, enabling command injection. An at...
CVE-2025-3542
A vulnerability, which was classified as critical, was found in H3C Magic NX15, Magic NX400 and Magic R3010 up to V100R014. This affects the function FCGIWizardProtoProcess of the file /api/wizard/getsyncpppoecfg of the component HTTP POST Request Handler. The manipulation leads to command...
CVE-2025-3542 H3C Magic NX15/Magic NX400/Magic R3010 HTTP POST Request getsyncpppoecfg FCGI_WizardProtoProcess command injection
A vulnerability, which was classified as critical, was found in H3C Magic NX15, Magic NX400 and Magic R3010 up to V100R014. This affects the function FCGIWizardProtoProcess of the file /api/wizard/getsyncpppoecfg of the component HTTP POST Request Handler. The manipulation leads to command...
CVE-2025-3541 H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getSpecs FCGI_WizardProtoProcess command injection
A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this issue is the function FCGIWizardProtoProcess of the file /api/wizard/getSpecs of the component HTTP POST Request Handler. The...
CVE-2025-3539 H3C Magic BE18000 HTTP POST Request getBasicInfo FCGI_CheckStringIfContainsSemicolon command injection
A vulnerability classified as critical has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected is the function FCGICheckStringIfContainsSemicolon of the file /api/wizard/getBasicInfo of the component HTTP POST Request Handler. The...
PT-2025-16189 · H3C · H3C Magic Be18000 +4
Name of the Vulnerable Software and Affected Versions: H3C Magic NX15 versions up to V100R014 H3C Magic NX30 Pro versions up to V100R014 H3C Magic NX400 versions up to V100R014 H3C Magic R3010 versions up to V100R014 H3C Magic BE18000 versions up to V100R014 Description: A critical vulnerability...
CVE-2025-2729
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects some unknown processing of the file /api/wizard/networkSetup of the component HTTP POST Request Handler. The manipulation leads to...
CVE-2025-2732 H3C Magic BE18000 HTTP POST Request getWifiNeighbour command injection
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request Handler. The...
CVE-2025-2732 H3C Magic BE18000 HTTP POST Request getWifiNeighbour command injection
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request Handler. The...
CVE-2025-2731
The CVE-2025-2731 vulnerability affects H3C Magic NX15, NX30 Pro, NX400, R3010, and BE18000 up to V100R014. It resides in the HTTP POST Request Handler function at /api/wizard/getDualbandSync, where an input manipulation enables command injection. Impact is local-network only, with high severity ...
CVE-2025-2730
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is an unknown function of the file /api/wizard/getssidname of the component HTTP POST Request Handler. The manipulation leads to...
CVE-2025-2730 H3C Magic BE18000 HTTP POST Request getssidname command injection
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is an unknown function of the file /api/wizard/getssidname of the component HTTP POST Request Handler. The manipulation leads to...