Filtered by vendor H3c
Subscriptions
Filtered by product Magic
Subscriptions
Total
14 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-61330 | 1 H3c | 1 Magic | 2025-10-21 | 6.5 Medium |
| A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password at all. Some of these devices have the Telnet service enabled by default, or users can choose to enable the Telnet service in other device management interfaces (e.g. /debug.asp or /debug_telnet.asp). In addition, these devices have related interfaces called Virtual Servers, which can map the devices to the public network, posing the risk of remote attacks. Therefore, attackers can obtain the highest root privileges of the devices through the Telnet service using the weak password hardcoded in the firmware (or without a password), and remote attacks are possible. | ||||
| CVE-2025-10942 | 1 H3c | 1 Magic | 2025-09-26 | 8.8 High |
| A vulnerability was identified in H3C Magic B3 up to 100R002. This affects the function AddMacList of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-57578 | 1 H3c | 1 Magic | 2025-09-15 | 8 High |
| An issue in H3C Magic M Device M2V100R006 allows a remote attacker to execute arbitrary code via the default password | ||||
| CVE-2023-30311 | 1 H3c | 1 Magic | 2025-02-13 | 7.5 High |
| An issue discovered in H3C Magic R365 and H3C Magic R100 routers allows attackers to hijack TCP sessions which could lead to a denial of service. | ||||
| CVE-2023-34935 | 1 H3c | 3 Magic, Magic B1st, Magic B1st Firmware | 2024-12-05 | 7.5 High |
| A stack overflow in the AddWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2023-34928 | 1 H3c | 3 Magic, Magic B1st, Magic B1st Firmware | 2024-11-27 | 7.5 High |
| A stack overflow in the Edit_BasicSSID function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2023-34929 | 1 H3c | 3 Magic, Magic B1st, Magic B1st Firmware | 2024-11-27 | 7.5 High |
| A stack overflow in the AddMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2023-34930 | 1 H3c | 3 Magic, Magic B1st, Magic B1st Firmware | 2024-11-27 | 7.5 High |
| A stack overflow in the EditMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2023-34931 | 1 H3c | 3 Magic, Magic B1st, Magic B1st Firmware | 2024-11-27 | 7.5 High |
| A stack overflow in the EditWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2023-34932 | 1 H3c | 3 Magic, Magic B1st, Magic B1st Firmware | 2024-11-27 | 7.5 High |
| A stack overflow in the UpdateWanMode function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2023-34933 | 1 H3c | 3 Magic, Magic B1st, Magic B1st Firmware | 2024-11-27 | 7.5 High |
| A stack overflow in the UpdateWanParams function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2023-34934 | 1 H3c | 3 Magic, Magic B1st, Magic B1st Firmware | 2024-11-27 | 7.5 High |
| A stack overflow in the Edit_BasicSSID_5G function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2023-34936 | 1 H3c | 3 Magic, Magic B1st, Magic B1st Firmware | 2024-11-27 | 7.5 High |
| A stack overflow in the UpdateMacClone function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2023-34937 | 1 H3c | 3 Magic, Magic B1st, Magic B1st Firmware | 2024-11-27 | 7.5 High |
| A stack overflow in the UpdateSnat function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
Page 1 of 1.