Primary

Context

H3C Magic B0 Buffer Overflow Vulnerability in Edit_BasicSSID Function

Vulnerability

A buffer overflow vulnerability exists in H3C Magic B0 routers running firmware versions through 100R002. The issue arises in the Edit_BasicSSID function within the /goform/aspForm file, where the 'param' argument can be manipulated, leading to a buffer overflow. This vulnerability can be exploited remotely, potentially causing a denial-of-service condition or allowing for remote code execution.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can lead to a denial-of-service condition or remote code execution.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /goform/aspForm endpoint. The request must include a 'param' field with a payload that exceeds the buffer length, effectively causing a buffer overflow. This can be done using a web browser or a tool like curl, by specifying the appropriate headers and cookie information.

Added: Apr 19, 2026, 7:18 AM

Updated: Apr 19, 2026, 7:18 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.2

remediation

0.0

relevance

6.0

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.2

remediation

0.0

relevance

6.0

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

H3C Magic B0 Buffer Overflow Vulnerability in Edit_BasicSSID Function

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating