Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

H3C — Vulnerabilities & Security Advisories 41

Browse all 41 CVE security advisories affecting H3C. AI-powered Chinese analysis, POCs, and references for each vulnerability.

H3C Technologies primarily manufactures networking hardware, including routers, switches, and wireless access points, serving enterprise and service provider infrastructure. With forty-one recorded Common Vulnerabilities and Exposures (CVEs), the vendor’s historical attack surface predominantly features remote code execution (RCE) and cross-site scripting (XSS) flaws within web management interfaces. Privilege escalation vulnerabilities also appear frequently, allowing unauthorized users to gain administrative control over network devices. These defects often stem from insufficient input validation and improper access controls in embedded web servers. While no single catastrophic incident has defined the brand’s security posture, the consistent presence of RCE and authentication bypass issues highlights systemic weaknesses in firmware development and secure coding practices. The cumulative risk suggests that legacy devices may remain vulnerable if not promptly patched, emphasizing the need for rigorous network segmentation and continuous monitoring to mitigate potential exploitation of these known software defects.

Found 14 results / 41Clear Filters
Top products by H3C: Magic NX15 SecCenter SMP-E1114P02 Magic B1 GR-5400AX Magic NX30 Pro GR-3000AX Magic B0 R160 GR-1100-P GR-1800AX R2+ProG Magic R200G M2 NAS Magic B3 ACG1000-AK230
CVE IDTitleCVSSSeverityPublished
CVE-2025-3546 H3C Magic BE18000 HTTP POST Request getLanguage FCGI_CheckStringIfContainsSemicolon command injection — Magic NX15CWE-77 8.0 High2025-04-14
CVE-2025-3545 H3C Magic BE18000 HTTP POST Request setLanguage FCGI_CheckStringIfContainsSemicolon command injection — Magic NX15CWE-77 8.0 High2025-04-14
CVE-2025-3544 H3C Magic BE18000 HTTP POST Request getCapabilityWeb FCGI_CheckStringIfContainsSemicolon command injection — Magic NX15CWE-77 8.0 High2025-04-14
CVE-2025-3543 H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request setsyncpppoecfg FCGI_WizardProtoProcess command injection — Magic NX15CWE-77 8.0 High2025-04-14
CVE-2025-3542 H3C Magic NX15/Magic NX400/Magic R3010 HTTP POST Request getsyncpppoecfg FCGI_WizardProtoProcess command injection — Magic NX15CWE-77 8.0 High2025-04-13
CVE-2025-3541 H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getSpecs FCGI_WizardProtoProcess command injection — Magic NX15CWE-77 8.0 High2025-04-13
CVE-2025-3540 H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getCapability FCGI_WizardProtoProcess command injection — Magic NX15CWE-77 8.0 High2025-04-13
CVE-2025-3539 H3C Magic BE18000 HTTP POST Request getBasicInfo FCGI_CheckStringIfContainsSemicolon command injection — Magic NX15CWE-77 8.0 High2025-04-13
CVE-2025-2732 H3C Magic BE18000 HTTP POST Request getWifiNeighbour command injection — Magic NX15CWE-77 8.0 High2025-03-25
CVE-2025-2731 H3C Magic BE18000 HTTP POST Request getDualbandSync command injection — Magic NX15CWE-77 8.0 High2025-03-25
CVE-2025-2730 H3C Magic BE18000 HTTP POST Request getssidname command injection — Magic NX15CWE-77 8.0 High2025-03-25
CVE-2025-2729 H3C Magic BE18000 HTTP POST Request networkSetup command injection — Magic NX15CWE-77 8.0 High2025-03-25
CVE-2025-2726 H3C Magic BE18000 HTTP POST Request esps command injection — Magic NX15CWE-77 8.0 High2025-03-25
CVE-2025-2725 H3C Magic BE18000 HTTP POST Request auth command injection — Magic NX15CWE-77 8.0 High2025-03-25

This page lists every published CVE security advisory associated with H3C. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.