Primary

Context

H3C Magic B1 Buffer Overflow Vulnerability in Firmware through 100R004

Vulnerability

A buffer overflow vulnerability has been identified in the H3C Magic B1 router, in firmware versions through 100R004. The issue arises in the function sub_44de0 within the file /goform/aspForm. The vulnerability allows for remote exploitation by manipulating the 'param' argument, leading to potential denial-of-service conditions and arbitrary code execution.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can lead to memory corruption. This type of vulnerability is often exploited to execute arbitrary code or cause a denial-of-service condition on the device.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /goform/aspForm endpoint. The request must include a 'CMD' parameter and a 'param' parameter with a payload that exceeds the buffer length, effectively causing the buffer overflow.

Added: Dec 7, 2025, 4:18 PM

Updated: Dec 7, 2025, 4:18 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.7

remediation

0.0

relevance

1.4

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.7

remediation

0.0

relevance

1.4

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

H3C Magic B1 Buffer Overflow Vulnerability in Firmware through 100R004

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating