CVE-2022-37098

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateIpv6Params...

CVE-2022-37100

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateMacClone...

CVE-2022-37068

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateMacCloneFinal...

CVE-2022-37086

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function AspSetTimingtimeWifiAndLed...

CVE-2022-37099

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateSnat...

CVE-2022-37073

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanModeMulti...

CVE-2022-35416

H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS...

CVE-2025-60262

An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsftpd. Through this vulnerability, all files uploaded anonymously via the FTP protocol is automatically owned by the root user and remote...

CVE-2019-12193

H3C H3Cloud OS all versions allows SQL injection via the ear/gridevent sidx parameter...

CVE-2025-60262

An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsftpd. Through this vulnerability, all files uploaded anonymously via the FTP protocol is automatically owned by the root user and remote...

PT-2026-1438

Name of the Vulnerable Software and Affected Versions H3C M102G HM1A0V200R010 wireless controller H3C BA1500L SWBA1A0V100R006 wireless access point Description A misconfiguration exists in the vsftpd component of the affected devices. This allows remote attackers to gain root-level control over t...

CVE-2025-60262

The CVE-2025-60262 entry applies to H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, due to a misconfiguration in the vsftpd component. The issue allows files uploaded anonymously via FTP to be owned by root, enabling remote attackers to gain root-lev...

H3C M102G 安全漏洞

H3C M102G is an intelligent gateway from China's Xinhua San H3C. A security vulnerability exists in the H3C M102G that stems from an improper configuration of vsftpd, which could allow a remote attacker to gain root-level control of the device...

CVE-2025-60262

An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsftpd. Through this vulnerability, all files uploaded anonymously via the FTP protocol is automatically owned by the root user and remote...

EUVD-2022-55927

H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the loginsubmit.cgi endpoint and analyze response messages to distinguish between existing and non-existing...

CVE-2022-50800

H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the loginsubmit.cgi endpoint and analyze response messages to distinguish between existing and non-existing...

CVE-2022-50800 H3C SSL VPN n/a Username Enumeration via Login Script Credential Verification

H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the loginsubmit.cgi endpoint and analyze response messages to distinguish between existing and non-existing...

CVE-2022-50800 H3C SSL VPN n/a Username Enumeration via Login Script Credential Verification

H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the loginsubmit.cgi endpoint and analyze response messages to distinguish between existing and non-existing...

CVE-2022-50800

The CVE-2022-50800 entry concerns H3C SSL VPN, where the login_submit.cgi endpoint’s txtUsrName POST parameter enables user enumeration. Attackers can submit multiple usernames and compare response messages to distinguish existing vs. non-existing accounts, indicating a confidentiality impact and...

H3C SSL VPN 安全漏洞

H3C SSL VPN is a secure session layer VPN from China's Xinhua San H3C. A security vulnerability exists in H3C SSL VPN that stems from a user enumeration vulnerability in the txtUsrName POST parameter, which could lead to the identification of a valid username...