Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

H3C — Vulnerabilities & Security Advisories 41

Browse all 41 CVE security advisories affecting H3C. AI-powered Chinese analysis, POCs, and references for each vulnerability.

H3C Technologies primarily manufactures networking hardware, including routers, switches, and wireless access points, serving enterprise and service provider infrastructure. With forty-one recorded Common Vulnerabilities and Exposures (CVEs), the vendor’s historical attack surface predominantly features remote code execution (RCE) and cross-site scripting (XSS) flaws within web management interfaces. Privilege escalation vulnerabilities also appear frequently, allowing unauthorized users to gain administrative control over network devices. These defects often stem from insufficient input validation and improper access controls in embedded web servers. While no single catastrophic incident has defined the brand’s security posture, the consistent presence of RCE and authentication bypass issues highlights systemic weaknesses in firmware development and secure coding practices. The cumulative risk suggests that legacy devices may remain vulnerable if not promptly patched, emphasizing the need for rigorous network segmentation and continuous monitoring to mitigate potential exploitation of these known software defects.

Top products by H3C: Magic NX15 SecCenter SMP-E1114P02 Magic B1 GR-5400AX Magic NX30 Pro GR-3000AX Magic B0 R160 GR-1100-P GR-1800AX R2+ProG Magic R200G M2 NAS Magic B3 ACG1000-AK230
CVE IDTitleCVSSSeverityPublished
CVE-2026-6581 H3C Magic B1 aspForm SetMobileAPInfoById buffer overflow — Magic B1CWE-120 8.8 High2026-04-19
CVE-2026-6563 H3C Magic B1 aspForm SetAPWifiorLedInfoById buffer overflow — Magic B1CWE-120 8.8 High2026-04-19
CVE-2026-6560 H3C Magic B0 aspForm Edit_BasicSSID buffer overflow — Magic B0CWE-120 8.8 High2026-04-19
CVE-2026-3943 H3C ACG1000-AK230 aaa_portal_auth_local_submit command injection — ACG1000-AK230CWE-77 7.3 High2026-03-11
CVE-2026-3701 H3C Magic B1 aspForm Edit_BasicSSID_5G buffer overflow — Magic B1CWE-120 8.8 High2026-03-08
CVE-2025-14196 H3C Magic B1 aspForm sub_44de0 buffer overflow — Magic B1CWE-120 8.8 High2025-12-07
CVE-2025-14015 H3C Magic B0 aspForm EditWlanMacList buffer overflow — Magic B0CWE-120 8.8 High2025-12-04
CVE-2025-10942 H3C Magic B3 aspForm EditMacList buffer overflow — Magic B3CWE-120 8.8 High2025-09-25
CVE-2025-8907 H3C M2 NAS Webserver Configuration unnecessary privileges — M2 NASCWE-250 7.0 High2025-08-13
CVE-2025-6091 H3C GR-3000AX aspForm UpdateIpv6Params buffer overflow — GR-3000AXCWE-120 8.8 High2025-06-15
CVE-2025-6090 H3C GR-5400AX aspForm UpdateIpv6params buffer overflow — GR-5400AXCWE-120 8.8 High2025-06-15
CVE-2025-5162 H3C SecCenter SMP-E1114P02 importFile unrestricted upload — SecCenter SMP-E1114P02CWE-434 6.3 Medium2025-05-26
CVE-2025-5161 H3C SecCenter SMP-E1114P02 download operationDailyOut path traversal — SecCenter SMP-E1114P02CWE-22 4.3 Medium2025-05-26
CVE-2025-5160 H3C SecCenter SMP-E1114P02 download path traversal — SecCenter SMP-E1114P02CWE-22 4.3 Medium2025-05-26
CVE-2025-5159 H3C SecCenter SMP-E1114P02 download path traversal — SecCenter SMP-E1114P02CWE-22 4.3 Medium2025-05-25
CVE-2025-5158 H3C SecCenter SMP-E1114P02 downloadSoftware path traversal — SecCenter SMP-E1114P02CWE-22 4.3 Medium2025-05-25
CVE-2025-5157 H3C SecCenter SMP-E1114P02 fileContent path traversal — SecCenter SMP-E1114P02CWE-22 4.3 Medium2025-05-25
CVE-2025-5156 H3C GR-5400AX aspForm EditWlanMacList buffer overflow — GR-5400AXCWE-120 8.8 High2025-05-25
CVE-2025-4998 H3C Magic R200G HTTP POST Request aspForm EditWlanMacList denial of service — Magic R200GCWE-404 6.5 Medium2025-05-20
CVE-2025-4997 H3C R2+ProG HTTP POST Request aspForm SetAPInfoById denial of service — R2+ProGCWE-404 6.5 Medium2025-05-20
CVE-2025-4446 H3C GR-5400AX aspForm Edit_List_SSID buffer overflow — GR-5400AXCWE-120 8.0 High2025-05-09
CVE-2025-4440 H3C GR-1800AX aspForm EnableIpv6 buffer overflow — GR-1800AXCWE-120 8.0 High2025-05-08
CVE-2025-3854 H3C GR-3000AX HTTP POST Request aspForm Edit_List_SSID buffer overflow — GR-3000AXCWE-120 8.0 High2025-04-22
CVE-2025-3546 H3C Magic BE18000 HTTP POST Request getLanguage FCGI_CheckStringIfContainsSemicolon command injection — Magic NX15CWE-77 8.0 High2025-04-14
CVE-2025-3545 H3C Magic BE18000 HTTP POST Request setLanguage FCGI_CheckStringIfContainsSemicolon command injection — Magic NX15CWE-77 8.0 High2025-04-14
CVE-2025-3544 H3C Magic BE18000 HTTP POST Request getCapabilityWeb FCGI_CheckStringIfContainsSemicolon command injection — Magic NX15CWE-77 8.0 High2025-04-14
CVE-2025-3543 H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request setsyncpppoecfg FCGI_WizardProtoProcess command injection — Magic NX15CWE-77 8.0 High2025-04-14
CVE-2025-3542 H3C Magic NX15/Magic NX400/Magic R3010 HTTP POST Request getsyncpppoecfg FCGI_WizardProtoProcess command injection — Magic NX15CWE-77 8.0 High2025-04-13
CVE-2025-3541 H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getSpecs FCGI_WizardProtoProcess command injection — Magic NX15CWE-77 8.0 High2025-04-13
CVE-2025-3540 H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getCapability FCGI_WizardProtoProcess command injection — Magic NX15CWE-77 8.0 High2025-04-13

This page lists every published CVE security advisory associated with H3C. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.