Primary

Context

H3C Wireless Controller and Access Point vsftpd Misconfiguration Vulnerability Leading to Root Ownership of FTP Uploads

Vulnerability

A misconfiguration vulnerability has been identified in the H3C M102G HM1A0V200R010 wireless controller and the BA1500L SWBA1A0V100R006 wireless access point. This vulnerability involves vsftpd, where files uploaded anonymously via FTP are automatically assigned to the root user. As a result, remote attackers could potentially gain root-level control over the affected devices.

Impact

Exploitation of this vulnerability allows remote attackers to gain root-level control over the affected devices.

Added: Jan 6, 2026, 4:19 PM

Updated: Jan 6, 2026, 4:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

0.0

relevance

1.9

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

0.0

relevance

1.9

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

H3C Wireless Controller and Access Point vsftpd Misconfiguration Vulnerability Leading to Root Ownership of FTP Uploads

Vulnerability

Impact

Affected Products

H3C M102G

H3C BA1500L

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating