Filtered by vendor H3c
Subscriptions
Total
179 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5160 | 1 H3c | 1 Seccenter Smp-1114p02 | 2025-06-03 | 4.3 Medium |
| A vulnerability classified as problematic has been found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected is the function Download of the file /packetCaptureStrategy/download. The manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5159 | 1 H3c | 1 Seccenter Smp-1114p02 | 2025-06-03 | 4.3 Medium |
| A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been rated as problematic. This issue affects the function Download of the file /cfgFile/1/download. The manipulation of the argument Name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5158 | 1 H3c | 1 Seccenter Smp-1114p02 | 2025-06-03 | 4.3 Medium |
| A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been declared as problematic. This vulnerability affects the function downloadSoftware of the file /cfgFile/downloadSoftware. The manipulation of the argument filename leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5157 | 1 H3c | 1 Seccenter Smp-1114p02 | 2025-06-03 | 4.3 Medium |
| A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been classified as critical. This affects the function fileContent of the file /cfgFile/fileContent. The manipulation of the argument filePath leads to path traversal. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5156 | 1 H3c | 2 Gr-5400ax, Gr-5400ax Firmware | 2025-06-03 | 8.8 High |
| A vulnerability was found in H3C GR-5400AX up to 100R008 and classified as critical. Affected by this issue is the function EditWlanMacList of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5162 | 1 H3c | 1 Seccenter Smp-1114p02 | 2025-06-03 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected by this issue is some unknown functionality of the file /safeEvent/importFile/. The manipulation of the argument logGeneralFile/logGeneralFile_2 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5161 | 1 H3c | 1 Seccenter Smp-1114p02 | 2025-06-03 | 4.3 Medium |
| A vulnerability classified as problematic was found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected by this vulnerability is the function operationDailyOut of the file /safeEvent/download. The manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-42639 | 1 H3c | 3 Gr-1100-p, Gr1100-p, Gr1100-p Firmware | 2025-05-27 | 9.8 Critical |
| H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root. | ||||
| CVE-2024-57471 | 1 H3c | 2 N12, N12 Firmware | 2025-05-27 | 9.8 Critical |
| H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 2.4G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | ||||
| CVE-2024-57479 | 1 H3c | 2 N12, N12 Firmware | 2025-05-27 | 9.8 Critical |
| H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | ||||
| CVE-2024-57482 | 1 H3c | 2 N12, N12 Firmware | 2025-05-27 | 9.8 Critical |
| H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | ||||
| CVE-2024-57473 | 1 H3c | 2 N12, N12 Firmware | 2025-05-27 | 9.8 Critical |
| H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | ||||
| CVE-2024-57480 | 1 H3c | 2 N12, N12 Firmware | 2025-05-27 | 9.8 Critical |
| H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | ||||
| CVE-2024-38902 | 1 H3c | 2 Magic R230, Magic R230 Firmware | 2025-05-27 | 9.8 Critical |
| H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | ||||
| CVE-2024-38903 | 1 H3c | 2 Magic R230, Magic R230 Firmware | 2025-05-27 | 4.1 Medium |
| H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands. | ||||
| CVE-2024-42637 | 1 H3c | 2 R3010, R3010 Firmware | 2025-05-27 | 9.8 Critical |
| H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | ||||
| CVE-2013-4840 | 2 H3c, Hp | 17 F1000-e Vpn Firewall, S5820 Secblade Vpn Firewall Module, S7500e Secblade Vpn Firewall Module and 14 more | 2025-04-12 | N/A |
| Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown vectors. | ||||
| CVE-2022-45963 | 1 H3c | 22 Secpath F100-c-g3, Secpath F100-c-g3 Firmware, Secpath F500-6gw and 19 more | 2025-04-11 | 9.8 Critical |
| h3c firewall <= 3.10 ESS6703 has a privilege bypass vulnerability. | ||||
| CVE-2024-42638 | 1 H3c | 2 Magic B1st, Magic B1st Firmware | 2025-03-17 | 9.8 Critical |
| H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | ||||
| CVE-2024-52765 | 1 H3c | 2 Gr-1800ax, Gr-1800ax Firmware | 2025-03-13 | 9.8 Critical |
| H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter. | ||||