CVE-2025-3543

H3C Magic NX15, NX30 Pro, NX400 and R3010 (up to V100R014) are affected. The vulnerability lies in FCGI_WizardProtoProcess within the HTTP POST /api/wizard/setsyncpppoecfg, enabling command injection. Access to the local network is required. The exploit has been disclosed publicly. Remediation: u...

CVE-2025-3543 H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request setsyncpppoecfg FCGI_WizardProtoProcess command injection

A vulnerability has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014 and classified as critical. This vulnerability affects the function FCGIWizardProtoProcess of the file /api/wizard/setsyncpppoecfg of the component HTTP POST Request Handler. The...

CVE-2025-3542

CVE-2025-3542 affects H3C Magic NX15, Magic NX400 and Magic R3010 (up to V100R014). Vulnerability lies in FCGI_WizardProtoProcess of the HTTP POST Request Handler at /api/wizard/getsyncpppoecfg, enabling command injection. Exploitation requires local-network access. Multiple sources confirm the i...

CVE-2025-3542 H3C Magic NX15/Magic NX400/Magic R3010 HTTP POST Request getsyncpppoecfg FCGI_WizardProtoProcess command injection

A vulnerability, which was classified as critical, was found in H3C Magic NX15, Magic NX400 and Magic R3010 up to V100R014. This affects the function FCGIWizardProtoProcess of the file /api/wizard/getsyncpppoecfg of the component HTTP POST Request Handler. The manipulation leads to command...

CVE-2025-3541 H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getSpecs FCGI_WizardProtoProcess command injection

A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this issue is the function FCGIWizardProtoProcess of the file /api/wizard/getSpecs of the component HTTP POST Request Handler. The...

CVE-2025-3541

The CVE-2025-3541 issue affects H3C Magic NX15, NX30 Pro, NX400, and R3010 up to V100R014. The vulnerability resides in the FCGI_WizardProtoProcess function of /api/wizard/getSpecs (HTTP POST Request Handler). Exploitation leads to command injection and requires access from the local network. Mul...

CVE-2025-3541 H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getSpecs FCGI_WizardProtoProcess command injection

A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this issue is the function FCGIWizardProtoProcess of the file /api/wizard/getSpecs of the component HTTP POST Request Handler. The...

CVE-2025-3540 H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getCapability FCGI_WizardProtoProcess command injection

A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this vulnerability is the function FCGIWizardProtoProcess of the file /api/wizard/getCapability of the component HTTP POST Request Handler. The manipulation...

CVE-2025-3540

CVE-2025-3540 affects H3C Magic NX15, NX30 Pro, NX400 and R3010 up to V100R014. The vulnerability is in the function FCGI_WizardProtoProcess of the HTTP POST endpoint /api/wizard/getCapability , enabling command injection via the POST request. Impact is described as local-network only, with compl...

CVE-2025-3540 H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getCapability FCGI_WizardProtoProcess command injection

A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this vulnerability is the function FCGIWizardProtoProcess of the file /api/wizard/getCapability of the component HTTP POST Request Handler. The manipulation...

CVE-2025-3539

CVE-2025-3539 - Technical summary (mode C) Affected products: H3C Magic NX15, NX30 Pro, NX400, R3010, BE18000 up to version V100R014. The vulnerability resides in the function FCGI_CheckStringIfContainsSemicolon of the file "/api/wizard/getBasicInfo" within the HTTP POST Request Handler . Root ca...

CVE-2025-3539 H3C Magic BE18000 HTTP POST Request getBasicInfo FCGI_CheckStringIfContainsSemicolon command injection

A vulnerability classified as critical has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected is the function FCGICheckStringIfContainsSemicolon of the file /api/wizard/getBasicInfo of the component HTTP POST Request Handler. The...

PT-2025-16189 · H3C · H3C Magic Be18000 +4

Name of the Vulnerable Software and Affected Versions: H3C Magic NX15 versions up to V100R014 H3C Magic NX30 Pro versions up to V100R014 H3C Magic NX400 versions up to V100R014 H3C Magic R3010 versions up to V100R014 H3C Magic BE18000 versions up to V100R014 Description: A critical vulnerability...

CVE-2025-2732

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request Handler. The...

CVE-2025-2731

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/wizard/getDualbandSync of the component HTTP POST Request Handler...

CVE-2025-2729

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects some unknown processing of the file /api/wizard/networkSetup of the component HTTP POST Request Handler. The manipulation leads to...

CVE-2025-2726

A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this issue is some unknown functionality of the file /api/esps of the component HTTP POST Request Handler. The manipulation...

CVE-2025-2717

A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. This issue affects the function sub41710C of the file /goform/diagnslookup of the component HTTP POST Request Handler. The manipulation of the argument targetaddr leads to os command injection. The...

CVE-2025-2732 H3C Magic BE18000 HTTP POST Request getWifiNeighbour command injection

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request Handler. The...

CVE-2025-2732 H3C Magic BE18000 HTTP POST Request getWifiNeighbour command injection

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request Handler. The...