1840 matches found
CVE-2025-3854
A vulnerability, which was classified as critical, was found in H3C GR-3000AX up to V100R006. Affected is the function EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/EditListSSID of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argume...
CVE-2025-3854
A vulnerability, which was classified as critical, was found in H3C GR-3000AX up to V100R006. Affected is the function EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/EditListSSID of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argume...
CVE-2025-3854 H3C GR-3000AX HTTP POST Request aspForm Edit_List_SSID buffer overflow
A vulnerability, which was classified as critical, was found in H3C GR-3000AX up to V100R006. Affected is the function EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/EditListSSID of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argume...
CVE-2025-3854
CVE-2025-3854 affects H3C GR-3000AX (up to V100R006). The vulnerability lies in the HTTP POST Request Handler, specifically the functions EnableIpv6, UpdateWanModeMulti, UpdateIpv6Params, EditWlanMacList, and Edit_List_SSID in the file /goform/aspForm. Manipulation of the param argument leads to ...
CVE-2025-3854 H3C GR-3000AX HTTP POST Request aspForm Edit_List_SSID buffer overflow
A vulnerability, which was classified as critical, was found in H3C GR-3000AX up to V100R006. Affected is the function EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/EditListSSID of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argume...
PT-2025-17476 · H3C · H3C Gr-3000Ax
Name of the Vulnerable Software and Affected Versions: H3C GR-3000AX versions up to V100R006 Description: A critical vulnerability was found in the HTTP POST Request Handler component of H3C GR-3000AX. The affected function is EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/Edit Li...
CVE-2025-3546
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is the function FCGICheckStringIfContainsSemicolon of the file /api/wizard/getLanguage of the component HTTP POS...
CVE-2025-3542
A vulnerability, which was classified as critical, was found in H3C Magic NX15, Magic NX400 and Magic R3010 up to V100R014. This affects the function FCGIWizardProtoProcess of the file /api/wizard/getsyncpppoecfg of the component HTTP POST Request Handler. The manipulation leads to command...
CVE-2025-3543
A vulnerability has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014 and classified as critical. This vulnerability affects the function FCGIWizardProtoProcess of the file /api/wizard/setsyncpppoecfg of the component HTTP POST Request Handler. The...
CVE-2025-3546
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is the function FCGICheckStringIfContainsSemicolon of the file /api/wizard/getLanguage of the component HTTP POS...
CVE-2025-3546
The CVE-2025-3546 entry concerns H3C Magic NX15, NX30 Pro, NX400, R3010, and BE18000 up to V100R014. Affects the function FCGI_CheckStringIfContainsSemicolon in the HTTP POST Request Handler’s /api/wizard/getLanguage. Root cause is command injection via this function, with exploitation feasible o...
CVE-2025-3546 H3C Magic BE18000 HTTP POST Request getLanguage FCGI_CheckStringIfContainsSemicolon command injection
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is the function FCGICheckStringIfContainsSemicolon of the file /api/wizard/getLanguage of the component HTTP POS...
CVE-2025-3546 H3C Magic BE18000 HTTP POST Request getLanguage FCGI_CheckStringIfContainsSemicolon command injection
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is the function FCGICheckStringIfContainsSemicolon of the file /api/wizard/getLanguage of the component HTTP POS...
CVE-2025-3543
A vulnerability has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014 and classified as critical. This vulnerability affects the function FCGIWizardProtoProcess of the file /api/wizard/setsyncpppoecfg of the component HTTP POST Request Handler. The...
CVE-2025-3545 H3C Magic BE18000 HTTP POST Request setLanguage FCGI_CheckStringIfContainsSemicolon command injection
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is the function FCGICheckStringIfContainsSemicolon of the file /api/wizard/setLanguage of the component HTTP POST Request Handler. T...
CVE-2025-3545 H3C Magic BE18000 HTTP POST Request setLanguage FCGI_CheckStringIfContainsSemicolon command injection
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is the function FCGICheckStringIfContainsSemicolon of the file /api/wizard/setLanguage of the component HTTP POST Request Handler. T...
CVE-2025-3545
The CVE-2025-3545 vulnerability affects H3C Magic NX15, NX30 Pro, NX400, R3010 and BE18000 up to V100R014. The flaw is in FCGI_CheckStringIfContainsSemicolon within the /api/wizard/setLanguage HTTP POST Request Handler, enabling command injection from within the local network. Multiple sources co...
CVE-2025-3544
The CVE-2025-3544 vulnerability affects H3C Magic NX15, NX30 Pro, NX400, R3010, and BE18000 devices up to version V100R014. It targets the FCGI_CheckStringIfContainsSemicolon function in the HTTP POST Request Handler, specifically in /api/wizard/getCapabilityWeb, enabling command injection. An at...
CVE-2025-3544 H3C Magic BE18000 HTTP POST Request getCapabilityWeb FCGI_CheckStringIfContainsSemicolon command injection
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects the function FCGICheckStringIfContainsSemicolon of the file /api/wizard/getCapabilityWeb of the component HTTP POST Request Handler...
CVE-2025-3543 H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request setsyncpppoecfg FCGI_WizardProtoProcess command injection
A vulnerability has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014 and classified as critical. This vulnerability affects the function FCGIWizardProtoProcess of the file /api/wizard/setsyncpppoecfg of the component HTTP POST Request Handler. The...