H3C Magic Devices Hard-Coded Weak Password Vulnerability Allowing Root Access via Telnet

Vulnerability

A vulnerability exists in all Magic-branded devices from H3C, a Chinese network equipment manufacturer, due to the use of hard-coded weak passwords for the root account in the /etc/shadow file, or the complete absence of a password. This issue is particularly concerning because some devices have the Telnet service enabled by default, or allow Telnet to be activated through other management interfaces. Additionally, these devices can be exposed to the public network via Virtual Server interfaces, creating a potential for remote attacks. Exploitation of this vulnerability allows attackers to gain root privileges by accessing the device through Telnet using the weak password or no password at all.

Impact

Exploitation of this vulnerability grants attackers root privileges on the affected devices via the Telnet service.

Added: Oct 16, 2025, 6:26 PM

Updated: Oct 16, 2025, 8:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

7.0

remediation

0.0

relevance

0.8

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

7.0

remediation

0.0

relevance

0.8

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

H3C Magic Devices Hard-Coded Weak Password Vulnerability Allowing Root Access via Telnet

Vulnerability

Impact

Affected Products

H3C Magic

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating