cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-25525,https://securityvulnerability.io/vulnerability/CVE-2025-25525,Buffer Overflow in H3C FA3010L Access Points by H3C,"A buffer overflow vulnerability exists in H3C FA3010L access points running SWFA1B0V100R005 due to insufficient length verification. This weakness can be exploited by attackers to manipulate firewall settings, leading to potential crashes of the device or the execution of arbitrary commands. Organizations using the affected devices should take immediate action to secure their networks against this vulnerability.",H3C,H3C FA3010L Access Points,5.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T00:00:00.000Z,0
CVE-2024-57473,https://securityvulnerability.io/vulnerability/CVE-2024-57473,Buffer Overflow Vulnerability in H3C N12 Router,"The H3C N12 V100R005 vulnerability arises from insufficient length verification in its MAC address editing feature, allowing attackers to exploit this flaw. By sending a carefully crafted POST request to the /bin/webs interface, malicious actors can trigger a buffer overflow, causing the device to crash or execute arbitrary commands. This vulnerability poses a significant risk to the integrity and availability of affected systems.",H3C,,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T23:15:00.000Z,0
CVE-2024-57480,https://securityvulnerability.io/vulnerability/CVE-2024-57480,Buffer Overflow Vulnerability in H3C N12 Router,"The H3C N12 V100R005 router has a buffer overflow vulnerability which arises from inadequate length verification in the access point configuration function. This flaw can be exploited by attackers to send specially crafted POST requests to the device's /bin/webs endpoint, potentially leading to a crash of the remote target or unauthorized execution of arbitrary commands.",H3C,,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T22:15:00.000Z,0
CVE-2024-57479,https://securityvulnerability.io/vulnerability/CVE-2024-57479,Buffer Overflow Vulnerability in H3C N12 Product,"The H3C N12 V100R005 product is susceptible to a buffer overflow vulnerability resulting from inadequate length verification within its MAC address update function. Attackers can exploit this flaw to launch remote attacks by sending specially crafted POST requests to the /bin/webs endpoint, potentially causing device crashes or executing arbitrary commands. Users of the affected product should take immediate action to secure their systems against this type of vulnerability.",H3C,,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T22:15:00.000Z,0
CVE-2024-57482,https://securityvulnerability.io/vulnerability/CVE-2024-57482,Buffer Overflow Vulnerability in H3C N12 V100R005 5G Wireless Network Device,"The H3C N12 V100R005 device exhibits a buffer overflow vulnerability due to insufficient length verification in its 5G wireless network processing mechanism. This flaw permits adversaries to exploit the device by sending malicious POST requests to the /bin/webs endpoint. Successful exploitation could lead to unauthorized access, potential crashes of the device, or even the execution of arbitrary commands, posing significant risks to network integrity and security.",H3C,,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T22:15:00.000Z,0
CVE-2024-57471,https://securityvulnerability.io/vulnerability/CVE-2024-57471,Buffer Overflow Vulnerability in H3C N12 Wireless Network Product,"The H3C N12 V100R005 contains a critical buffer overflow vulnerability due to insufficient length verification within its 2.4G wireless network processing function. An attacker exploiting this vulnerability could send a specially crafted POST request to the /bin/webs endpoint, potentially leading to denial of service attacks through remote device crashes or execution of arbitrary commands, compromising the security of network environments.",H3C,,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T22:15:00.000Z,0
CVE-2024-51175,https://securityvulnerability.io/vulnerability/CVE-2024-51175,Sensitive Information Disclosure in H3C H3C-S1526 Switch,"CVE-2024-51175 identifies a significant security vulnerability in the H3C S1526 switch, where a remote attacker can exploit the system to gain unauthorized access to sensitive configuration data via the S1526.cfg component. This exposure can lead to further attacks on the network, compromising system integrity and data confidentiality. Users and administrators of the H3C S1526 switch should take immediate action to mitigate this risk through updates and implementing appropriate security measures.",H3C,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-17T22:15:00.000Z,0
CVE-2024-52765,https://securityvulnerability.io/vulnerability/CVE-2024-52765,Remote Code Execution Vulnerability in H3C GR-1800AX by H3C,"The H3C GR-1800AX MiniGRW1B0V100R007 is prone to a remote code execution vulnerability, which can be exploited through the manipulation of the aspForm parameter. This weakness can allow an attacker to execute arbitrary code on the device, potentially compromising system integrity and confidentiality. System administrators should take immediate action to mitigate this risk and safeguard their network infrastructure.",H3c,Gr-1800ax Firmware,9.8,CRITICAL,0.0012799999676644802,false,,false,false,false,,,false,false,,2024-11-20T21:15:00.000Z,0
CVE-2024-42638,https://securityvulnerability.io/vulnerability/CVE-2024-42638,Hardcoded Password Vulnerability Affects H3C Magic B1ST v100R012,"A security flaw has been identified in the H3C Magic B1ST v100R012 relating to hardcoded passwords within the system files. This vulnerability resides in the /etc/shadow file, which allows attackers to exploit the weak security measures in place and gain root access. The presence of a hardcoded password poses significant risks, enabling unauthorized individuals to manipulate system settings, access sensitive data, and compromise overall system integrity. Organizations using H3C Magic B1ST must prioritize implementing measures to protect their environments against potential exploits stemming from this issue.",H3C,Magic B1st Firmware,9.8,CRITICAL,0.0010600000387057662,false,,false,false,false,,,false,false,,2024-08-16T18:15:00.000Z,0
CVE-2024-42637,https://securityvulnerability.io/vulnerability/CVE-2024-42637,Hardcoded Password Vulnerability in H3C R3010 v100R002L02 Allows Root Access,"H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.",H3C,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-16T18:15:00.000Z,0
CVE-2024-42639,https://securityvulnerability.io/vulnerability/CVE-2024-42639,Hardcoded Password Exposes Root Access Vulnerability in H3C GR1100-P v100R009,"H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root.",H3C,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-16T18:15:00.000Z,0
CVE-2024-40516,https://securityvulnerability.io/vulnerability/CVE-2024-40516,Remote Code Execution Vulnerability in H3C Magic Routing Product,An identified vulnerability in the H3C Magic RC3000 routing device allows remote attackers to exploit the routing functionality for arbitrary code execution. This threat poses a significant risk to the integrity of network operations and data security. Proper measures should be implemented to mitigate potential exploitation.,"H3C Technologies Co., Limited",H3C Magic RC3000,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-16T19:15:00.000Z,0
CVE-2024-38902,https://securityvulnerability.io/vulnerability/CVE-2024-38902,Hardcoded Password Vulnerability in H3C Magic R230 Device,"The H3C Magic R230 V100R002 device has been identified with a significant vulnerability due to the presence of a hardcoded password in the /etc/shadow file. This flaw allows unauthorized individuals to gain root access, posing a serious risk to the security of the device and the network it operates within. It is crucial for users to implement immediate remediation measures to safeguard their systems.",H3C,Magic R230,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-24T00:00:00.000Z,0
CVE-2024-38903,https://securityvulnerability.io/vulnerability/CVE-2024-38903,Command Execution Vulnerability in H3C Magic R230 Device,"A command execution vulnerability exists in the H3C Magic R230 V100R002 device due to its UDP server opening port 9034. This flaw allows remote attackers to execute arbitrary commands on the device, potentially leading to unauthorized access and control. Proper configuration and timely updates are essential to mitigate the risks associated with this vulnerability.",H3C,Magic R230,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-24T00:00:00.000Z,0
CVE-2024-33335,https://securityvulnerability.io/vulnerability/CVE-2024-33335,SQL Injection Vulnerability in H3C SeaSQL DWS V2.0,"An SQL Injection vulnerability in H3C's SeaSQL DWS V2.0 allows remote attackers to execute arbitrary code by sending specially crafted data. By exploiting this flaw, attackers could manipulate database queries, potentially leading to unauthorized access, data leakage, and system compromise. Organizations utilizing this product should prioritize mitigating this risk by applying available security patches and following best practices for database security.",H3C,SeaSQL DWS,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-20T17:15:00.000Z,0
CVE-2023-30311,https://securityvulnerability.io/vulnerability/CVE-2023-30311,Hijacking TCP Sessions Could Lead to Denial of Service in H3C Routers,"A vulnerability identified in H3C Magic R365 and H3C Magic R100 routers allows attackers to hijack TCP sessions due to improper handling of sequence number leakage. This flaw can be exploited to disrupt normal service, leading to potential denial of service. Attackers may take advantage of this vulnerability to intercept and manipulate traffic, posing significant risks to network integrity and stability.",H3C,,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-28T19:15:00.000Z,0
CVE-2024-32238,https://securityvulnerability.io/vulnerability/CVE-2024-32238,Incorrect Access Control Vulnerability in H3C ER8300G2-X Router,"The H3C ER8300G2-X router is susceptible to an Incorrect Access Control vulnerability that exposes the password for the router's management system. This weakness occurs through the login interface of the management system page, which can potentially allow unauthorized users to gain access to sensitive configurations and data. It is crucial for users of this router to assess their security protocols and implement necessary measures to safeguard against potential exploitation.",H3C,ER8300G2-X,,,0.000590000010561198,false,,false,false,false,,,false,false,,2024-04-22T00:00:00.000Z,0
CVE-2023-5142,https://securityvulnerability.io/vulnerability/CVE-2023-5142,H3C ER6300G2 Config File userLogin.asp path traversal,"A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",H3C,"GR-1100-P,GR-1108-P,GR-1200W,GR-1800AX,GR-2200,GR-3200,GR-5200,GR-8300,ER2100n,ER2200G2,ER3200G2,ER3260G2,ER5100G2,ER5200G2,ER6300G2",5.3,MEDIUM,0.0009699999936856329,false,,false,false,true,2023-10-19T10:09:47.000Z,true,false,false,,2023-09-24T22:15:00.000Z,0
CVE-2023-34936,https://securityvulnerability.io/vulnerability/CVE-2023-34936,Stack Overflow Vulnerability in H3C Magic B1STV100R012,"A stack overflow vulnerability present in the UpdateMacClone function of H3C Magic B1STV100R012 can be exploited by attackers to trigger a Denial of Service (DoS) condition. This occurs as a result of maliciously crafted POST requests that exceed expected data limits, allowing unauthorized users to disrupt service availability and affect operational performance.",H3c,Magic B1st Firmware,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2023-06-28T00:00:00.000Z,0
CVE-2023-34932,https://securityvulnerability.io/vulnerability/CVE-2023-34932,Stack Overflow Vulnerability in H3C Magic B1STV100R012,"A stack overflow vulnerability exists in the UpdateWanMode function of H3C Magic B1STV100R012, which can be exploited by attackers sending specially crafted POST requests. This issue may lead to Denial of Service, causing disruptions in network services, making it imperative for users to mitigate potential risks associated with this vulnerability. For further details, please visit the provided reference.",H3c,Magic B1st Firmware,7.5,HIGH,0.0013699999544769526,false,,false,false,false,,,false,false,,2023-06-28T00:00:00.000Z,0
CVE-2023-34930,https://securityvulnerability.io/vulnerability/CVE-2023-34930,Stack Overflow Vulnerability in H3C Magic B1STV100R012,"A stack overflow vulnerability exists in the EditMacList function of H3C Magic B1STV100R012, which allows attackers to exploit this flaw by sending a specially crafted POST request. Successful exploitation can lead to a Denial of Service (DoS), making the system unavailable to legitimate users.",H3c,Magic B1st Firmware,7.5,HIGH,0.0013699999544769526,false,,false,false,false,,,false,false,,2023-06-28T00:00:00.000Z,0
CVE-2023-34934,https://securityvulnerability.io/vulnerability/CVE-2023-34934,Stack Overflow Vulnerability in H3C Magic Products,"A malicious actor can exploit a stack overflow vulnerability in the Edit_BasicSSID_5G function of H3C Magic B1STV100R012 by sending a specially crafted POST request. This exploitation can lead to a Denial of Service (DoS), disrupting normal operations and potentially rendering the device inoperable. Organizations should take proactive measures to mitigate the risks associated with this vulnerability and ensure continuous protection of their network infrastructure.",H3c,Magic B1st Firmware,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2023-06-28T00:00:00.000Z,0
CVE-2023-34933,https://securityvulnerability.io/vulnerability/CVE-2023-34933,Stack Overflow Vulnerability in H3C Magic B1STV100R012,"The H3C Magic B1STV100R012 is susceptible to a stack overflow vulnerability located in the UpdateWanParams function. Attackers can exploit this weakness by sending specially crafted POST requests, potentially causing a Denial of Service (DoS) condition. This flaw emphasizes the importance of secure coding practices and timely updates to mitigate the risk of exploitation.",H3c,Magic B1st Firmware,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2023-06-28T00:00:00.000Z,0
CVE-2023-34935,https://securityvulnerability.io/vulnerability/CVE-2023-34935,Denial of Service Vulnerability in H3C Magic B1STV100R012,"The H3C Magic B1STV100R012 device is susceptible to a stack overflow vulnerability within the AddWlanMacList function. This flaw can be exploited by attackers through specially crafted POST requests, potentially leading to a Denial of Service (DoS) condition. Organizations using this product should implement necessary security measures to mitigate the risk of exploitation and ensure the integrity and availability of their network services.",H3c,Magic B1st Firmware,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2023-06-28T00:00:00.000Z,0
CVE-2023-34937,https://securityvulnerability.io/vulnerability/CVE-2023-34937,Stack Overflow Vulnerability in H3C Magic B1STV100R012,"A vulnerability has been identified in the UpdateSnat function of H3C Magic B1STV100R012, leading to a potential denial of service threat. Attackers can exploit this vulnerability by sending specially crafted POST requests that trigger a stack overflow condition, thereby disrupting normal operations and causing service outages. Organizations using this product should take steps to mitigate the risk associated with this vulnerability.",H3c,Magic B1st Firmware,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2023-06-28T00:00:00.000Z,0