Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for n12_firmware by h3c
CVE-2024-57473 (GCVE-0-2024-57473)
Vulnerability from nvd – Published: 2025-01-14 00:00 – Updated: 2025-03-20 15:42
VLAI?
Summary
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-57473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T15:42:32.340921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T15:42:41.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T22:21:05.603Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://h3c.com"
},
{
"url": "https://gist.github.com/XiaoCurry/85ae28b7437d24d9c531c970612d3bd8"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-57473",
"datePublished": "2025-01-14T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-03-20T15:42:41.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57482 (GCVE-0-2024-57482)
Vulnerability from nvd – Published: 2025-01-14 00:00 – Updated: 2025-01-23 16:25
VLAI?
Summary
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-57482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T16:24:59.584587Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T16:25:35.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T22:00:38.812Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://h3c.com"
},
{
"url": "https://gist.github.com/XiaoCurry/d39f76a025df8b78a5f9e1aa48c16d18"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-57482",
"datePublished": "2025-01-14T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-01-23T16:25:35.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57480 (GCVE-0-2024-57480)
Vulnerability from nvd – Published: 2025-01-14 00:00 – Updated: 2025-03-18 17:51
VLAI?
Summary
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-57480",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T15:47:54.692477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T17:51:26.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T22:03:45.948Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://h3c.com"
},
{
"url": "https://gist.github.com/XiaoCurry/16213a4d68f95f17cd0fc2cd07e78a90"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-57480",
"datePublished": "2025-01-14T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-03-18T17:51:26.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57479 (GCVE-0-2024-57479)
Vulnerability from nvd – Published: 2025-01-14 00:00 – Updated: 2025-03-18 15:02
VLAI?
Summary
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-57479",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T15:49:38.513665Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T15:02:38.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T22:06:57.154Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://h3c.com"
},
{
"url": "https://gist.github.com/XiaoCurry/c7214be67a44a4a8858c5138ecd05984"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-57479",
"datePublished": "2025-01-14T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-03-18T15:02:38.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57471 (GCVE-0-2024-57471)
Vulnerability from nvd – Published: 2025-01-14 00:00 – Updated: 2025-01-23 16:26
VLAI?
Summary
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 2.4G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-57471",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T16:25:58.312474Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T16:26:22.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 2.4G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T21:57:21.664Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://h3c.com"
},
{
"url": "https://gist.github.com/XiaoCurry/88a43c9a68694941221eb7592da39d4c"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-57471",
"datePublished": "2025-01-14T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-01-23T16:26:22.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57480 (GCVE-0-2024-57480)
Vulnerability from cvelistv5 – Published: 2025-01-14 00:00 – Updated: 2025-03-18 17:51
VLAI?
Summary
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-57480",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T15:47:54.692477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T17:51:26.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T22:03:45.948Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://h3c.com"
},
{
"url": "https://gist.github.com/XiaoCurry/16213a4d68f95f17cd0fc2cd07e78a90"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-57480",
"datePublished": "2025-01-14T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-03-18T17:51:26.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57473 (GCVE-0-2024-57473)
Vulnerability from cvelistv5 – Published: 2025-01-14 00:00 – Updated: 2025-03-20 15:42
VLAI?
Summary
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-57473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T15:42:32.340921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T15:42:41.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T22:21:05.603Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://h3c.com"
},
{
"url": "https://gist.github.com/XiaoCurry/85ae28b7437d24d9c531c970612d3bd8"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-57473",
"datePublished": "2025-01-14T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-03-20T15:42:41.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57471 (GCVE-0-2024-57471)
Vulnerability from cvelistv5 – Published: 2025-01-14 00:00 – Updated: 2025-01-23 16:26
VLAI?
Summary
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 2.4G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-57471",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T16:25:58.312474Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T16:26:22.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 2.4G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T21:57:21.664Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://h3c.com"
},
{
"url": "https://gist.github.com/XiaoCurry/88a43c9a68694941221eb7592da39d4c"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-57471",
"datePublished": "2025-01-14T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-01-23T16:26:22.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57479 (GCVE-0-2024-57479)
Vulnerability from cvelistv5 – Published: 2025-01-14 00:00 – Updated: 2025-03-18 15:02
VLAI?
Summary
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-57479",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T15:49:38.513665Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T15:02:38.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T22:06:57.154Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://h3c.com"
},
{
"url": "https://gist.github.com/XiaoCurry/c7214be67a44a4a8858c5138ecd05984"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-57479",
"datePublished": "2025-01-14T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-03-18T15:02:38.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57482 (GCVE-0-2024-57482)
Vulnerability from cvelistv5 – Published: 2025-01-14 00:00 – Updated: 2025-01-23 16:25
VLAI?
Summary
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-57482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T16:24:59.584587Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T16:25:35.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T22:00:38.812Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://h3c.com"
},
{
"url": "https://gist.github.com/XiaoCurry/d39f76a025df8b78a5f9e1aa48c16d18"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-57482",
"datePublished": "2025-01-14T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-01-23T16:25:35.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}