H3C Magic Products Command Injection Vulnerability

Vulnerability

A critical command injection vulnerability has been identified in several H3C Magic series products, including the NX15, NX30 Pro, NX400, R3010, and BE18000, in firmware versions prior to the fixed releases. The vulnerability resides in the HTTP POST request handler, specifically within the 'getCapabilityWeb' API endpoint. Exploitation requires access to the local network.

Impact

Exploitation of this vulnerability allows for unauthorized command injection, potentially leading to remote code execution with elevated privileges on the affected device.

Reproduction

To reproduce this vulnerability, send a crafted HTTP POST request to the '/api/wizard/getCapabilityWeb' endpoint. The request must be made from within the local network, either via a wired connection or over Wi-Fi, and may require bypassing the device's wireless password if using a wireless connection.
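A request filter a defender could run on a reverse proxy or IDS in front of the device, added here as an example (it is not from the advisory or from H3C): it flags POSTs to the endpoint above whose form or JSON field values carry shell metacharacters. The metacharacter set, the field names in the constructed samples, and the assumption that the body is form- or JSON-encoded are mine; the advisory does not name the injected parameter.

```python
import json
import re
from urllib.parse import parse_qs

# Endpoint named in the advisory.
VULNERABLE_PATH = "/api/wizard/getCapabilityWeb"

# Characters commonly used to break out of a shell argument. This set is an
# assumption for illustration; the advisory does not say which characters
# the firmware fails to filter.
SHELL_META = re.compile(r"[;&|`$<>\r\n]")


def _field_values(body: str):
    """Yield the string values of a JSON object body or a form-encoded body
    (form values are percent-decoded by parse_qs, so %3B is seen as ';')."""
    try:
        data = json.loads(body)
    except ValueError:
        data = None
    if isinstance(data, dict):
        for value in data.values():
            if isinstance(value, str):
                yield value
        return
    for values in parse_qs(body, keep_blank_values=True).values():
        yield from values


def is_suspicious_request(method: str, path: str, body: str) -> bool:
    """True for a POST to the getCapabilityWeb endpoint whose body has a
    field value containing shell metacharacters."""
    if method.upper() != "POST" or path.split("?", 1)[0] != VULNERABLE_PATH:
        return False
    return any(SHELL_META.search(value) for value in _field_values(body))


# Constructed sample requests (method, path, body); not captured traffic.
SAMPLE_REQUESTS = [
    ("POST", "/api/wizard/getCapabilityWeb", "type=web&lang=en"),
    ("POST", "/api/wizard/getCapabilityWeb", "type=web%3Bid&lang=en"),
    ("GET", "/api/wizard/getCapabilityWeb", ""),
    ("POST", "/api/wizard/other", "cmd=a;b"),
    ("POST", "/api/wizard/getCapabilityWeb?x=1", '{"type": "$(id)"}'),
]


def flagged(requests=SAMPLE_REQUESTS):
    """Return the indices of requests the filter would flag."""
    return [i for i, (m, p, b) in enumerate(requests) if is_suspicious_request(m, p, b)]
```

Plain form separators (`&`, `=`) are not flagged because only decoded field values are inspected, which keeps false positives down on benign requests to the same endpoint.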

Remediation

Users are advised to upgrade to the latest firmware versions available for their specific H3C Magic product. Instructions for downloading the updated firmware can be found on the H3C official website.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 6.2
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.