Vulnerabilites related to H3C - Magic NX15
CVE-2025-3542 (GCVE-0-2025-3542)
Vulnerability from cvelistv5
Published
2025-04-13 23:31
Modified
2025-04-14 18:04
Severity ?
8.6 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
Summary
A vulnerability, which was classified as critical, was found in H3C Magic NX15, Magic NX400 and Magic R3010 up to V100R014. This affects the function FCGI_WizardProtoProcess of the file /api/wizard/getsyncpppoecfg of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.304581 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.304581 | signature, permissions-required | |
| https://vuldb.com/?submit.524738 | third-party-advisory | |
| https://gist.github.com/mono7s/dd7a0a1ec444bb2c228590d298e37a5d | exploit | |
| https://zhiliao.h3c.com/theme/details/229784 | related | |
| https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/ | patch |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | H3C | Magic NX15 |
Version: V100R014 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3542",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T18:02:22.142576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T18:04:09.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX15",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX400",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic R3010",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "mono7s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in H3C Magic NX15, Magic NX400 and Magic R3010 up to V100R014. This affects the function FCGI_WizardProtoProcess of the file /api/wizard/getsyncpppoecfg of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in H3C Magic NX15, Magic NX400 and Magic R3010 bis V100R014 gefunden. Hiervon betroffen ist die Funktion FCGI_WizardProtoProcess der Datei /api/wizard/getsyncpppoecfg der Komponente HTTP POST Request Handler. Mit der Manipulation mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.7,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-13T23:31:06.617Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-304581 | H3C Magic NX15/Magic NX400/Magic R3010 HTTP POST Request getsyncpppoecfg FCGI_WizardProtoProcess command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.304581"
},
{
"name": "VDB-304581 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.304581"
},
{
"name": "Submit #524738 | H3C Technologies Co., Ltd. H3C Magic NX30 Pro \\ Magic NX15 \\ H3C NX400 \\ H3C Magic R3010 \u003c=V100R014 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.524738"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/mono7s/dd7a0a1ec444bb2c228590d298e37a5d"
},
{
"tags": [
"related"
],
"url": "https://zhiliao.h3c.com/theme/details/229784"
},
{
"tags": [
"patch"
],
"url": "https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-13T14:33:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "H3C Magic NX15/Magic NX400/Magic R3010 HTTP POST Request getsyncpppoecfg FCGI_WizardProtoProcess command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3542",
"datePublished": "2025-04-13T23:31:06.617Z",
"dateReserved": "2025-04-13T12:28:05.665Z",
"dateUpdated": "2025-04-14T18:04:09.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2726 (GCVE-0-2025-2726)
Vulnerability from cvelistv5
Published
2025-03-25 02:00
Modified
2025-04-11 20:05
Severity ?
8.6 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
Summary
A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this issue is some unknown functionality of the file /api/esps of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.300746 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.300746 | signature, permissions-required | |
| https://vuldb.com/?submit.520393 | third-party-advisory | |
| https://github.com/ZIKH26/CVE-information/blob/master/H3C/Vulnerability%20Information_2.md | broken-link, exploit | |
| https://zhiliao.h3c.com/theme/details/229784 | related | |
| https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/ | patch |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | H3C | Magic NX15 |
Version: V100R014 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2726",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T13:55:24.199783Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T13:59:14.245Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX15",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX30 Pro",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX400",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic R3010",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic BE18000",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZIKH26 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this issue is some unknown functionality of the file /api/esps of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 bis V100R014 entdeckt. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /api/esps der Komponente HTTP POST Request Handler. Mittels Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.7,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T20:05:24.806Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-300746 | H3C Magic BE18000 HTTP POST Request esps command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.300746"
},
{
"name": "VDB-300746 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.300746"
},
{
"name": "Submit #520393 | H3C Technologies Co., Ltd. H3C Magic NX15\\H3C NX400\\H3C Magic R3010\\H3C Magic BE18000\\H3C Magic NX30 Pro \u003c=V100R014 Remote command execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.520393"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://github.com/ZIKH26/CVE-information/blob/master/H3C/Vulnerability%20Information_2.md"
},
{
"tags": [
"related"
],
"url": "https://zhiliao.h3c.com/theme/details/229784"
},
{
"tags": [
"patch"
],
"url": "https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-24T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-24T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-11T22:09:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "H3C Magic BE18000 HTTP POST Request esps command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2726",
"datePublished": "2025-03-25T02:00:11.956Z",
"dateReserved": "2025-03-24T12:59:20.478Z",
"dateUpdated": "2025-04-11T20:05:24.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3540 (GCVE-0-2025-3540)
Vulnerability from cvelistv5
Published
2025-04-13 22:31
Modified
2025-04-14 18:50
Severity ?
8.6 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
Summary
A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this vulnerability is the function FCGI_WizardProtoProcess of the file /api/wizard/getCapability of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.304579 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.304579 | signature, permissions-required | |
| https://vuldb.com/?submit.524734 | third-party-advisory | |
| https://gist.github.com/mono7s/882650a9a9b54bedc374caf8308efef2 | exploit | |
| https://zhiliao.h3c.com/theme/details/229784 | related | |
| https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/ | patch |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | H3C | Magic NX15 |
Version: V100R014 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3540",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T18:45:09.188566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T18:50:15.113Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX15",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX30 Pro",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX400",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic R3010",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "mono7s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this vulnerability is the function FCGI_WizardProtoProcess of the file /api/wizard/getCapability of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "In H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 bis V100R014 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es die Funktion FCGI_WizardProtoProcess der Datei /api/wizard/getCapability der Komponente HTTP POST Request Handler. Dank der Manipulation mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff im lokalen Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.7,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-13T22:31:07.248Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-304579 | H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getCapability FCGI_WizardProtoProcess command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.304579"
},
{
"name": "VDB-304579 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.304579"
},
{
"name": "Submit #524734 | H3C Technologies Co., Ltd. Magic NX30 Pro \\ Magic NX15 \\ H3C NX400 \\ H3C Magic R3010 \u003c=V100R014 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.524734"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/mono7s/882650a9a9b54bedc374caf8308efef2"
},
{
"tags": [
"related"
],
"url": "https://zhiliao.h3c.com/theme/details/229784"
},
{
"tags": [
"patch"
],
"url": "https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-13T14:33:02.000Z",
"value": "VulDB entry last update"
}
],
"title": "H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getCapability FCGI_WizardProtoProcess command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3540",
"datePublished": "2025-04-13T22:31:07.248Z",
"dateReserved": "2025-04-13T12:27:48.961Z",
"dateUpdated": "2025-04-14T18:50:15.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3544 (GCVE-0-2025-3544)
Vulnerability from cvelistv5
Published
2025-04-14 00:31
Modified
2025-04-14 15:56
Severity ?
8.6 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getCapabilityWeb of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.304583 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.304583 | signature, permissions-required | |
| https://vuldb.com/?submit.524743 | third-party-advisory | |
| https://gist.github.com/isstabber/05dfeefa3685a369b8802626e0252e27 | exploit | |
| https://zhiliao.h3c.com/theme/details/229784 | related | |
| https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/ | patch |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | H3C | Magic NX15 |
Version: V100R014 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3544",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T15:55:54.163512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T15:56:21.217Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX15",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX30 Pro",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX400",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic R3010",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic BE18000",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "mono7s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getCapabilityWeb of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 bis V100R014 gefunden. Betroffen davon ist die Funktion FCGI_CheckStringIfContainsSemicolon der Datei /api/wizard/getCapabilityWeb der Komponente HTTP POST Request Handler. Durch Manipulation mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei im lokalen Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.7,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T00:31:07.721Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-304583 | H3C Magic BE18000 HTTP POST Request getCapabilityWeb FCGI_CheckStringIfContainsSemicolon command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.304583"
},
{
"name": "VDB-304583 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.304583"
},
{
"name": "Submit #524743 | H3C Technologies Co., Ltd. H3C Magic NX30 Pro\\H3C NX400\\H3C NX15\\H3C R3010\\H3C BE18000 \u003c=V100R014 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.524743"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/isstabber/05dfeefa3685a369b8802626e0252e27"
},
{
"tags": [
"related"
],
"url": "https://zhiliao.h3c.com/theme/details/229784"
},
{
"tags": [
"patch"
],
"url": "https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-13T14:33:35.000Z",
"value": "VulDB entry last update"
}
],
"title": "H3C Magic BE18000 HTTP POST Request getCapabilityWeb FCGI_CheckStringIfContainsSemicolon command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3544",
"datePublished": "2025-04-14T00:31:07.721Z",
"dateReserved": "2025-04-13T12:28:21.655Z",
"dateUpdated": "2025-04-14T15:56:21.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3545 (GCVE-0-2025-3545)
Vulnerability from cvelistv5
Published
2025-04-14 01:00
Modified
2025-04-14 15:55
Severity ?
8.6 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/setLanguage of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.304584 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.304584 | signature, permissions-required | |
| https://vuldb.com/?submit.524744 | third-party-advisory | |
| https://gist.github.com/isstabber/cc7bc3281c0f0d6659d2f9934e1c57c1 | exploit | |
| https://zhiliao.h3c.com/theme/details/229784 | related | |
| https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/ | patch |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | H3C | Magic NX15 |
Version: V100R014 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3545",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T15:54:50.340203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T15:55:20.861Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX15",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX30 Pro",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX400",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic R3010",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic BE18000",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "mono7s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/setLanguage of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 bis V100R014 ausgemacht. Betroffen hiervon ist die Funktion FCGI_CheckStringIfContainsSemicolon der Datei /api/wizard/setLanguage der Komponente HTTP POST Request Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff im lokalen Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.7,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T01:00:09.263Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-304584 | H3C Magic BE18000 HTTP POST Request setLanguage FCGI_CheckStringIfContainsSemicolon command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.304584"
},
{
"name": "VDB-304584 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.304584"
},
{
"name": "Submit #524744 | H3C Technologies Co., Ltd. H3C Magic NX30 Pro\\H3C NX400\\H3C NX15\\H3C R3010\\H3C BE18000 \u003c=V100R014 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.524744"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/isstabber/cc7bc3281c0f0d6659d2f9934e1c57c1"
},
{
"tags": [
"related"
],
"url": "https://zhiliao.h3c.com/theme/details/229784"
},
{
"tags": [
"patch"
],
"url": "https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-13T14:33:43.000Z",
"value": "VulDB entry last update"
}
],
"title": "H3C Magic BE18000 HTTP POST Request setLanguage FCGI_CheckStringIfContainsSemicolon command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3545",
"datePublished": "2025-04-14T01:00:09.263Z",
"dateReserved": "2025-04-13T12:28:30.602Z",
"dateUpdated": "2025-04-14T15:55:20.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2732 (GCVE-0-2025-2732)
Vulnerability from cvelistv5
Published
2025-03-25 04:00
Modified
2025-04-11 20:05
Severity ?
8.6 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.300752 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.300752 | signature, permissions-required | |
| https://vuldb.com/?submit.520499 | third-party-advisory | |
| https://github.com/Qwen11/CVE_store/blob/main/H3C/vulnerability%20Information_4.md | broken-link, exploit | |
| https://zhiliao.h3c.com/theme/details/229784 | related | |
| https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/ | patch |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | H3C | Magic NX15 |
Version: V100R014 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2732",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T13:37:53.748810Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T13:41:40.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"broken-link"
],
"url": "https://github.com/Qwen11/CVE_store/blob/main/H3C/vulnerability%20Information_4.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX15",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX30 Pro",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX400",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic R3010",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic BE18000",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Qwen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 bis V100R014 ausgemacht. Dies betrifft einen unbekannten Teil der Datei /api/wizard/getWifiNeighbour der Komponente HTTP POST Request Handler. Dank Manipulation mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.7,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T20:05:45.701Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-300752 | H3C Magic BE18000 HTTP POST Request getWifiNeighbour command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.300752"
},
{
"name": "VDB-300752 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.300752"
},
{
"name": "Submit #520499 | H3C Technologies Co., Ltd. H3C Magic NX15\\H3C NX400\\H3C Magic R3010\\H3C Magic BE18000\\H3C Magic NX30 Pro \u003c=V100R014 (Taking NX15 as an example.) Remote command execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.520499"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://github.com/Qwen11/CVE_store/blob/main/H3C/vulnerability%20Information_4.md"
},
{
"tags": [
"related"
],
"url": "https://zhiliao.h3c.com/theme/details/229784"
},
{
"tags": [
"patch"
],
"url": "https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-24T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-24T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-11T22:09:57.000Z",
"value": "VulDB entry last update"
}
],
"title": "H3C Magic BE18000 HTTP POST Request getWifiNeighbour command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2732",
"datePublished": "2025-03-25T04:00:07.714Z",
"dateReserved": "2025-03-24T12:59:37.047Z",
"dateUpdated": "2025-04-11T20:05:45.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2725 (GCVE-0-2025-2725)
Vulnerability from cvelistv5
Published
2025-03-25 02:00
Modified
2025-04-11 20:05
Severity ?
8.6 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
Summary
A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this vulnerability is an unknown functionality of the file /api/login/auth of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.300745 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.300745 | signature, permissions-required | |
| https://vuldb.com/?submit.520390 | third-party-advisory | |
| https://github.com/ZIKH26/CVE-information/blob/master/H3C/Vulnerability%20Information_1.md | broken-link, exploit | |
| https://zhiliao.h3c.com/theme/details/229784 | related | |
| https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/ | patch |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | H3C | Magic NX15 |
Version: V100R014 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2725",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T13:21:30.732148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T13:22:41.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"broken-link"
],
"url": "https://github.com/ZIKH26/CVE-information/blob/master/H3C/Vulnerability%20Information_1.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX15",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX30 Pro",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX400",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic R3010",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic BE18000",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZIKH26 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this vulnerability is an unknown functionality of the file /api/login/auth of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "In H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 bis V100R014 wurde eine kritische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /api/login/auth der Komponente HTTP POST Request Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.7,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T20:05:07.420Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-300745 | H3C Magic BE18000 HTTP POST Request auth command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.300745"
},
{
"name": "VDB-300745 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.300745"
},
{
"name": "Submit #520390 | H3C Technologies Co., Ltd. H3C Magic NX15\\H3C NX400\\H3C Magic R3010\\H3C Magic BE18000\\H3C Magic NX30 Pro \u003c=V100R014 Remote code execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.520390"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://github.com/ZIKH26/CVE-information/blob/master/H3C/Vulnerability%20Information_1.md"
},
{
"tags": [
"related"
],
"url": "https://zhiliao.h3c.com/theme/details/229784"
},
{
"tags": [
"patch"
],
"url": "https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-24T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-24T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-11T22:08:58.000Z",
"value": "VulDB entry last update"
}
],
"title": "H3C Magic BE18000 HTTP POST Request auth command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2725",
"datePublished": "2025-03-25T02:00:09.925Z",
"dateReserved": "2025-03-24T12:59:17.247Z",
"dateUpdated": "2025-04-11T20:05:07.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2729 (GCVE-0-2025-2729)
Vulnerability from cvelistv5
Published
2025-03-25 03:00
Modified
2025-04-11 20:05
Severity ?
8.6 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects some unknown processing of the file /api/wizard/networkSetup of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.300749 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.300749 | signature, permissions-required | |
| https://vuldb.com/?submit.520494 | third-party-advisory | |
| https://github.com/Qwen11/CVE_store/blob/main/H3C/vulnerability%20Information_1.md | broken-link, exploit | |
| https://zhiliao.h3c.com/theme/details/229784 | related | |
| https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/ | patch |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | H3C | Magic NX15 |
Version: V100R014 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2729",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T13:56:31.783751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T13:58:49.561Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX15",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX30 Pro",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX400",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic R3010",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic BE18000",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Qwen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects some unknown processing of the file /api/wizard/networkSetup of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 bis V100R014 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /api/wizard/networkSetup der Komponente HTTP POST Request Handler. Durch das Beeinflussen mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff im lokalen Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.7,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T20:05:39.701Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-300749 | H3C Magic BE18000 HTTP POST Request networkSetup command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.300749"
},
{
"name": "VDB-300749 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.300749"
},
{
"name": "Submit #520494 | H3C Technologies Co., Ltd. H3C Magic NX15\\H3C NX400\\H3C Magic R3010\\H3C Magic BE18000\\H3C Magic NX30 Pro \u003c=V100R014 (Taking NX15 as an example.) Remote command execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.520494"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://github.com/Qwen11/CVE_store/blob/main/H3C/vulnerability%20Information_1.md"
},
{
"tags": [
"related"
],
"url": "https://zhiliao.h3c.com/theme/details/229784"
},
{
"tags": [
"patch"
],
"url": "https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-24T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-24T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-11T22:09:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "H3C Magic BE18000 HTTP POST Request networkSetup command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2729",
"datePublished": "2025-03-25T03:00:09.183Z",
"dateReserved": "2025-03-24T12:59:28.444Z",
"dateUpdated": "2025-04-11T20:05:39.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3539 (GCVE-0-2025-3539)
Vulnerability from cvelistv5
Published
2025-04-13 22:00
Modified
2025-04-14 19:15
Severity ?
8.6 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
Summary
A vulnerability classified as critical has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getBasicInfo of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.304578 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.304578 | signature, permissions-required | |
| https://vuldb.com/?submit.521814 | third-party-advisory | |
| https://github.com/isstabber/my_VulnHub/blob/main/h3cNX15/nx15_command_injection.md | exploit | |
| https://zhiliao.h3c.com/theme/details/229784 | related | |
| https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/ | patch |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | H3C | Magic NX15 |
Version: V100R014 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3539",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T19:14:21.722738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T19:15:25.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX15",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX30 Pro",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX400",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic R3010",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic BE18000",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Sta8r9 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getBasicInfo of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 bis V100R014 entdeckt. Dabei betrifft es die Funktion FCGI_CheckStringIfContainsSemicolon der Datei /api/wizard/getBasicInfo der Komponente HTTP POST Request Handler. Durch Beeinflussen mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei im lokalen Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.7,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-13T22:00:13.331Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-304578 | H3C Magic BE18000 HTTP POST Request getBasicInfo FCGI_CheckStringIfContainsSemicolon command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.304578"
},
{
"name": "VDB-304578 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.304578"
},
{
"name": "Submit #521814 | H3C H3C Magic NX30 Pro\\H3C NX400\\H3C NX15\\H3C R3010\\H3C BE18000 \u003c=V100R014 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.521814"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/isstabber/my_VulnHub/blob/main/h3cNX15/nx15_command_injection.md"
},
{
"tags": [
"related"
],
"url": "https://zhiliao.h3c.com/theme/details/229784"
},
{
"tags": [
"patch"
],
"url": "https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-13T14:32:57.000Z",
"value": "VulDB entry last update"
}
],
"title": "H3C Magic BE18000 HTTP POST Request getBasicInfo FCGI_CheckStringIfContainsSemicolon command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3539",
"datePublished": "2025-04-13T22:00:13.331Z",
"dateReserved": "2025-04-13T12:25:48.408Z",
"dateUpdated": "2025-04-14T19:15:25.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3543 (GCVE-0-2025-3543)
Vulnerability from cvelistv5
Published
2025-04-14 00:00
Modified
2025-04-14 17:14
Severity ?
8.6 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
Summary
A vulnerability has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014 and classified as critical. This vulnerability affects the function FCGI_WizardProtoProcess of the file /api/wizard/setsyncpppoecfg of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.304582 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.304582 | signature, permissions-required | |
| https://vuldb.com/?submit.524739 | third-party-advisory | |
| https://gist.github.com/mono7s/9369a3ef060b5655303cd234ba583bb5 | exploit | |
| https://zhiliao.h3c.com/theme/details/229784 | related | |
| https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/ | patch |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | H3C | Magic NX15 |
Version: V100R014 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3543",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:13:11.281811Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T17:14:07.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX15",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX30 Pro",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX400",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic R3010",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "mono7s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014 and classified as critical. This vulnerability affects the function FCGI_WizardProtoProcess of the file /api/wizard/setsyncpppoecfg of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "In H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 bis V100R014 wurde eine kritische Schwachstelle gefunden. Betroffen ist die Funktion FCGI_WizardProtoProcess der Datei /api/wizard/setsyncpppoecfg der Komponente HTTP POST Request Handler. Durch die Manipulation mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.7,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T00:00:12.283Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-304582 | H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request setsyncpppoecfg FCGI_WizardProtoProcess command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.304582"
},
{
"name": "VDB-304582 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.304582"
},
{
"name": "Submit #524739 | H3C Technologies Co., Ltd. H3C Magic NX30 Pro \\ Magic NX15 \\ H3C NX400 \\ H3C Magic R3010 \u003c=V100R014 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.524739"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/mono7s/9369a3ef060b5655303cd234ba583bb5"
},
{
"tags": [
"related"
],
"url": "https://zhiliao.h3c.com/theme/details/229784"
},
{
"tags": [
"patch"
],
"url": "https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-13T14:33:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request setsyncpppoecfg FCGI_WizardProtoProcess command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3543",
"datePublished": "2025-04-14T00:00:12.283Z",
"dateReserved": "2025-04-13T12:28:14.168Z",
"dateUpdated": "2025-04-14T17:14:07.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3541 (GCVE-0-2025-3541)
Vulnerability from cvelistv5
Published
2025-04-13 23:00
Modified
2025-04-14 18:30
Severity ?
8.6 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
Summary
A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this issue is the function FCGI_WizardProtoProcess of the file /api/wizard/getSpecs of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.304580 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.304580 | signature, permissions-required | |
| https://vuldb.com/?submit.524737 | third-party-advisory | |
| https://gist.github.com/mono7s/fcbc1f02d69547704cc9027b29e51c73 | exploit | |
| https://zhiliao.h3c.com/theme/details/229784 | related | |
| https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/ | patch |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | H3C | Magic NX15 |
Version: V100R014 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3541",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T18:28:55.859016Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T18:30:38.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX15",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX30 Pro",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX400",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic R3010",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "mono7s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this issue is the function FCGI_WizardProtoProcess of the file /api/wizard/getSpecs of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 bis V100R014 entdeckt. Davon betroffen ist die Funktion FCGI_WizardProtoProcess der Datei /api/wizard/getSpecs der Komponente HTTP POST Request Handler. Dank Manipulation mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.7,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-13T23:00:14.702Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-304580 | H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getSpecs FCGI_WizardProtoProcess command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.304580"
},
{
"name": "VDB-304580 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.304580"
},
{
"name": "Submit #524737 | H3C Technologies Co., Ltd. H3C Magic NX30 Pro \\ Magic NX15 \\ H3C NX400 \\ H3C Magic R3010 \u003c=V100R014 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.524737"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/mono7s/fcbc1f02d69547704cc9027b29e51c73"
},
{
"tags": [
"related"
],
"url": "https://zhiliao.h3c.com/theme/details/229784"
},
{
"tags": [
"patch"
],
"url": "https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-13T14:33:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getSpecs FCGI_WizardProtoProcess command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3541",
"datePublished": "2025-04-13T23:00:14.702Z",
"dateReserved": "2025-04-13T12:27:55.880Z",
"dateUpdated": "2025-04-14T18:30:38.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2731 (GCVE-0-2025-2731)
Vulnerability from cvelistv5
Published
2025-03-25 03:31
Modified
2025-04-11 20:05
Severity ?
8.6 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/wizard/getDualbandSync of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.300751 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.300751 | signature, permissions-required | |
| https://vuldb.com/?submit.520497 | third-party-advisory | |
| https://github.com/Qwen11/CVE_store/blob/main/H3C/vulnerability%20Information_3.md | broken-link, exploit | |
| https://zhiliao.h3c.com/theme/details/229784 | related | |
| https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/ | patch |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | H3C | Magic NX15 |
Version: V100R014 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T13:42:14.030517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T13:42:47.280Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"broken-link"
],
"url": "https://github.com/Qwen11/CVE_store/blob/main/H3C/vulnerability%20Information_3.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX15",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX30 Pro",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX400",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic R3010",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic BE18000",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Qwen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/wizard/getDualbandSync of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "In H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 bis V100R014 wurde eine kritische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /api/wizard/getDualbandSync der Komponente HTTP POST Request Handler. Dank der Manipulation mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.7,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T20:05:56.808Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-300751 | H3C Magic BE18000 HTTP POST Request getDualbandSync command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.300751"
},
{
"name": "VDB-300751 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.300751"
},
{
"name": "Submit #520497 | H3C Technologies Co., Ltd. H3C Magic NX15\\H3C NX400\\H3C Magic R3010\\H3C Magic BE18000\\H3C Magic NX30 Pro \u003c=V100R014 (Taking NX15 as an example.) Remote command execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.520497"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://github.com/Qwen11/CVE_store/blob/main/H3C/vulnerability%20Information_3.md"
},
{
"tags": [
"related"
],
"url": "https://zhiliao.h3c.com/theme/details/229784"
},
{
"tags": [
"patch"
],
"url": "https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-24T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-24T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-11T22:09:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "H3C Magic BE18000 HTTP POST Request getDualbandSync command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2731",
"datePublished": "2025-03-25T03:31:04.477Z",
"dateReserved": "2025-03-24T12:59:34.140Z",
"dateUpdated": "2025-04-11T20:05:56.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2730 (GCVE-0-2025-2730)
Vulnerability from cvelistv5
Published
2025-03-25 03:00
Modified
2025-04-11 20:05
Severity ?
8.6 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is an unknown function of the file /api/wizard/getssidname of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.300750 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.300750 | signature, permissions-required | |
| https://vuldb.com/?submit.520495 | third-party-advisory | |
| https://github.com/Qwen11/CVE_store/blob/main/H3C/vulnerability%20Information_2.md | broken-link, exploit | |
| https://zhiliao.h3c.com/theme/details/229784 | related | |
| https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/ | patch |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | H3C | Magic NX15 |
Version: V100R014 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2730",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T13:56:45.414580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T13:58:35.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX15",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX30 Pro",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX400",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic R3010",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic BE18000",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Qwen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is an unknown function of the file /api/wizard/getssidname of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 bis V100R014 ausgemacht. Es betrifft eine unbekannte Funktion der Datei /api/wizard/getssidname der Komponente HTTP POST Request Handler. Durch Beeinflussen mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.7,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T20:05:51.630Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-300750 | H3C Magic BE18000 HTTP POST Request getssidname command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.300750"
},
{
"name": "VDB-300750 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.300750"
},
{
"name": "Submit #520495 | H3C Technologies Co., Ltd. H3C Magic NX15\\H3C NX400\\H3C Magic R3010\\H3C Magic BE18000\\H3C Magic NX30 Pro \u003c=V100R014 (Taking NX15 as an example.) Remote command execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.520495"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://github.com/Qwen11/CVE_store/blob/main/H3C/vulnerability%20Information_2.md"
},
{
"tags": [
"related"
],
"url": "https://zhiliao.h3c.com/theme/details/229784"
},
{
"tags": [
"patch"
],
"url": "https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-24T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-24T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-11T22:09:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "H3C Magic BE18000 HTTP POST Request getssidname command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2730",
"datePublished": "2025-03-25T03:00:11.804Z",
"dateReserved": "2025-03-24T12:59:31.028Z",
"dateUpdated": "2025-04-11T20:05:51.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3546 (GCVE-0-2025-3546)
Vulnerability from cvelistv5
Published
2025-04-14 01:31
Modified
2025-04-14 15:54
Severity ?
8.6 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getLanguage of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.304585 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.304585 | signature, permissions-required | |
| https://vuldb.com/?submit.524745 | third-party-advisory | |
| https://gist.github.com/isstabber/154661f329e4ae6bfe15dcdc0b932ff3 | exploit | |
| https://zhiliao.h3c.com/theme/details/229784 | related | |
| https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/ | patch |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | H3C | Magic NX15 |
Version: V100R014 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3546",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T15:54:00.579922Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T15:54:23.768Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX15",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX30 Pro",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic NX400",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic R3010",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
},
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Magic BE18000",
"vendor": "H3C",
"versions": [
{
"status": "affected",
"version": "V100R014"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "mono7s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getLanguage of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "In H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 bis V100R014 wurde eine kritische Schwachstelle ausgemacht. Es geht um die Funktion FCGI_CheckStringIfContainsSemicolon der Datei /api/wizard/getLanguage der Komponente HTTP POST Request Handler. Mittels Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.7,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T01:31:07.222Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-304585 | H3C Magic BE18000 HTTP POST Request getLanguage FCGI_CheckStringIfContainsSemicolon command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.304585"
},
{
"name": "VDB-304585 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.304585"
},
{
"name": "Submit #524745 | H3C Technologies Co., Ltd. H3C Magic NX30 Pro\\H3C NX400\\H3C NX15\\H3C R3010\\H3C BE18000 \u003c=V100R014 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.524745"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/isstabber/154661f329e4ae6bfe15dcdc0b932ff3"
},
{
"tags": [
"related"
],
"url": "https://zhiliao.h3c.com/theme/details/229784"
},
{
"tags": [
"patch"
],
"url": "https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-13T14:33:50.000Z",
"value": "VulDB entry last update"
}
],
"title": "H3C Magic BE18000 HTTP POST Request getLanguage FCGI_CheckStringIfContainsSemicolon command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3546",
"datePublished": "2025-04-14T01:31:07.222Z",
"dateReserved": "2025-04-13T12:28:38.864Z",
"dateUpdated": "2025-04-14T15:54:23.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}