Primary

Context

H3C Magic B3 Buffer Overflow Vulnerability in AddMacList Function

Vulnerability

A buffer overflow vulnerability has been identified in the H3C Magic B3 router model, affecting firmware versions through 100R002. The vulnerability arises in the AddMacList function within the /goform/aspForm file, where the param argument can be manipulated to cause a buffer overflow. This issue can be exploited remotely, potentially leading to a denial-of-service condition or even arbitrary code execution.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can disrupt normal operation and potentially allow for remote code execution.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /goform/aspForm endpoint. The request must include the CMD parameter set to 'AddMacList' and the param parameter filled with a payload that exceeds the buffer limit, effectively causing the overflow.

Added: Sep 25, 2025, 11:18 AM

Updated: Sep 25, 2025, 11:18 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.7

remediation

0.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.7

remediation

0.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

H3C Magic B3 Buffer Overflow Vulnerability in AddMacList Function

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating