H3C M2 NAS Unnecessary Privileges Vulnerability in Webserver Configuration

Vulnerability

A vulnerability exists in the webserver configuration component of the H3C M2 NAS V100R006. It allows execution with unnecessary privileges, potentially leading to unauthorized access or actions. The issue arises from an insecure configuration that assigns root to both the User and Group properties in the webserver's boa configuration file. As a result, any exploitation of the web interface could immediately provide root access, compromising the entire device. This vulnerability can only be exploited locally, and while the attack's complexity is high, a public exploit is available.
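The check below is an added example, not vendor or advisory code: it audits the text of a boa configuration file for the root User/Group setting described above and shows a weak configuration next to a corrected one. Both sample configurations are constructed, and the unprivileged account names, the case-insensitive matching and the last-occurrence-wins rule are assumptions.

```python
# Added example: audit a boa.conf for a root User/Group identity.
# Both samples are constructed for illustration, not read from a device.
WEAK_CONF = """\
# constructed sample: the insecure setting the advisory describes
Port 80
User root
Group root
"""

HARDENED_CONF = """\
# constructed sample: unprivileged account (names are assumptions)
Port 80
User nobody
Group nogroup
"""

ROOT_IDS = {"root", "0"}  # the directive takes a name or a numeric id


def parse_identity(conf_text):
    """Return the User/Group values found; this audit lets the last one win."""
    found = {"user": None, "group": None}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()  # assumption: match directive names case-insensitively
        if key in found and len(parts) == 2:
            found[key] = parts[1].strip()
    return found


def audit(conf_text):
    """Return findings; an empty list means no root identity is configured."""
    findings = []
    for directive, value in parse_identity(conf_text).items():
        if value is None:
            # Assumption: an unset directive leaves the start-up identity in place.
            findings.append(f"{directive}: not set")
        elif value.lower() in ROOT_IDS:
            findings.append(f"{directive}: runs as root ({value!r})")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "ok")
```
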

Impact

Exploitation of this vulnerability could lead to total compromise of the device, allowing an attacker to gain root access and control over the system.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.6
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.