Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for SecPath F1000-C8300 by H3C

    CVE-2026-15907 (GCVE-0-2026-15907)

    Vulnerability from nvd – Published: 2026-07-15 23:45 – Updated: 2026-07-16 15:11
    VLAI
    Title
    H3C SecPath F1000-C8300 g=log_fw_nbc_mail_jsondata sql injection
    Summary
    A flaw has been found in H3C SecPath F1000-C8300 up to 20260522. This impacts an unknown function of the file /webui/?g=log_fw_nbc_mail_jsondata. Executing a manipulation of the argument subject can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure and confirmed the existence of the vulnerability. A technical fix is planned to be released.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/379367 vdb-entrytechnical-description
    https://vuldb.com/vuln/379367/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15907 third-party-advisory
    https://vuldb.com/submit/835656 third-party-advisory
    https://ucn9h68n9289.feishu.cn/docx/WCbgdWyJKoibc… exploit
    Impacted products
    Vendor Product Version
    H3C SecPath F1000-C8300 Affected: 20260522
        cpe:2.3:a:h3c:secpath_f1000-c8300:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    bigbrother_man (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15907",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T14:13:08.892861Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T15:11:57.389Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:h3c:secpath_f1000-c8300:*:*:*:*:*:*:*:*"
              ],
              "product": "SecPath F1000-C8300",
              "vendor": "H3C",
              "versions": [
                {
                  "status": "affected",
                  "version": "20260522"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "bigbrother_man (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in H3C SecPath F1000-C8300 up to 20260522. This impacts an unknown function of the file /webui/?g=log_fw_nbc_mail_jsondata. Executing a manipulation of the argument subject can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure and confirmed the existence of the vulnerability. A technical fix is planned to be released."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T23:45:33.344Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-379367 | H3C SecPath F1000-C8300 g=log_fw_nbc_mail_jsondata sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/379367"
            },
            {
              "name": "VDB-379367 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/379367/cti"
            },
            {
              "name": "CVE-2026-15907 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15907"
            },
            {
              "name": "Submit #835656 | New H3C Technologies Co., Ltd. H3C SecPath F1000-C8300 Series Firewall latest CWE-89 (SQL Injection)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/835656"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://ucn9h68n9289.feishu.cn/docx/WCbgdWyJKoibcZxdsuMcUGKSnpf?from=from_copylink"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-15T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-15T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-15T21:24:04.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "H3C SecPath F1000-C8300 g=log_fw_nbc_mail_jsondata sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15907",
        "datePublished": "2026-07-15T23:45:33.344Z",
        "dateReserved": "2026-07-15T19:18:37.918Z",
        "dateUpdated": "2026-07-16T15:11:57.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15907 (GCVE-0-2026-15907)

    Vulnerability from cvelistv5 – Published: 2026-07-15 23:45 – Updated: 2026-07-16 15:11
    VLAI
    Title
    H3C SecPath F1000-C8300 g=log_fw_nbc_mail_jsondata sql injection
    Summary
    A flaw has been found in H3C SecPath F1000-C8300 up to 20260522. This impacts an unknown function of the file /webui/?g=log_fw_nbc_mail_jsondata. Executing a manipulation of the argument subject can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure and confirmed the existence of the vulnerability. A technical fix is planned to be released.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/379367 vdb-entrytechnical-description
    https://vuldb.com/vuln/379367/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15907 third-party-advisory
    https://vuldb.com/submit/835656 third-party-advisory
    https://ucn9h68n9289.feishu.cn/docx/WCbgdWyJKoibc… exploit
    Impacted products
    Vendor Product Version
    H3C SecPath F1000-C8300 Affected: 20260522
        cpe:2.3:a:h3c:secpath_f1000-c8300:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    bigbrother_man (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15907",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T14:13:08.892861Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T15:11:57.389Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:h3c:secpath_f1000-c8300:*:*:*:*:*:*:*:*"
              ],
              "product": "SecPath F1000-C8300",
              "vendor": "H3C",
              "versions": [
                {
                  "status": "affected",
                  "version": "20260522"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "bigbrother_man (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in H3C SecPath F1000-C8300 up to 20260522. This impacts an unknown function of the file /webui/?g=log_fw_nbc_mail_jsondata. Executing a manipulation of the argument subject can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure and confirmed the existence of the vulnerability. A technical fix is planned to be released."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T23:45:33.344Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-379367 | H3C SecPath F1000-C8300 g=log_fw_nbc_mail_jsondata sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/379367"
            },
            {
              "name": "VDB-379367 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/379367/cti"
            },
            {
              "name": "CVE-2026-15907 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15907"
            },
            {
              "name": "Submit #835656 | New H3C Technologies Co., Ltd. H3C SecPath F1000-C8300 Series Firewall latest CWE-89 (SQL Injection)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/835656"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://ucn9h68n9289.feishu.cn/docx/WCbgdWyJKoibcZxdsuMcUGKSnpf?from=from_copylink"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-15T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-15T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-15T21:24:04.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "H3C SecPath F1000-C8300 g=log_fw_nbc_mail_jsondata sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15907",
        "datePublished": "2026-07-15T23:45:33.344Z",
        "dateReserved": "2026-07-15T19:18:37.918Z",
        "dateUpdated": "2026-07-16T15:11:57.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }