H3C Magic Series Command Injection Vulnerability in Wi-Fi Routers

Vulnerability

A command injection vulnerability has been identified in several H3C Magic series routers, including the Magic NX15, NX30 Pro, R3010, BE18000, and NX400, all through V100R014. The flaw is in the HTTP POST request handler for the '/api/wizard/getWifiNeighbour' endpoint and allows an attacker to execute arbitrary commands on the device. It can only be exploited from within the local network.

Impact

Successful exploitation of this vulnerability allows for unauthorized command execution on the affected device, potentially leading to unauthorized access or control over the device's functions.

Reproduction

To reproduce this vulnerability, send a crafted POST request to the '/api/wizard/getWifiNeighbour' endpoint of the affected router model. This request must be initiated from within the local network.

Remediation

Users are advised to upgrade to the latest firmware version available for their specific router model. Instructions for downloading the update can be found on the H3C official website.
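For detection while devices are still being upgraded, the following added example (not part of the original advisory, and not H3C code) scans LAN-side HTTP request records for POSTs to the endpoint named above whose body values contain shell metacharacters. The advisory does not name the affected parameter or the body encoding, so the script checks every string value and accepts JSON or form-encoded bodies; the record layout, the field name "example_field", the path "/api/other" and the sample addresses are constructed assumptions.

```python
import json
import re
from urllib.parse import parse_qsl

ENDPOINT = "/api/wizard/getWifiNeighbour"  # path named in the advisory
# Characters a shell treats as command separators or substitutions.
SHELL_META = re.compile(r"[;|&`\n]|\$\(")

def string_values(body):
    """Yield every string value from a JSON or form-encoded body."""
    try:
        stack = [json.loads(body)]
    except ValueError:  # not JSON: treat as form-encoded (values URL-decoded)
        stack = [v for _, v in parse_qsl(body, keep_blank_values=True)]
    while stack:
        item = stack.pop()
        if isinstance(item, str):
            yield item
        elif isinstance(item, dict):
            stack.extend(item.values())
        elif isinstance(item, list):
            stack.extend(item)

def suspicious_requests(records):
    """Return records that POST shell metacharacters to the endpoint."""
    hits = []
    for rec in records:
        path = rec["path"].split("?", 1)[0]  # ignore any query string
        if rec["method"].upper() != "POST" or path != ENDPOINT:
            continue
        if any(SHELL_META.search(v) for v in string_values(rec["body"])):
            hits.append(rec)
    return hits

# Constructed sample records; "example_field" is a hypothetical field name.
SAMPLE = [
    {"src": "192.168.1.23", "method": "POST", "path": ENDPOINT,
     "body": '{"example_field": "wlan0"}'},
    {"src": "192.168.1.57", "method": "POST", "path": ENDPOINT,
     "body": '{"example_field": "wlan0;true"}'},
    {"src": "192.168.1.57", "method": "POST", "path": ENDPOINT,
     "body": "example_field=wlan0%60true%60"},
    {"src": "192.168.1.23", "method": "POST", "path": "/api/other",
     "body": '{"example_field": "a|b"}'},
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE):
        print(hit["src"], hit["body"])
```

Legitimate values that happen to contain these characters will also be flagged, so treat hits as leads to review rather than confirmed exploitation.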

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.2
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.