H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 2.4G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
An attacker sends a specially crafted HTTP POST request to the /bin/webs endpoint of the H3C N12 device. The lack of data length validation in the function processing 2.4G wireless network settings causes a buffer overflow (CWE-120). This allows overwriting process memory and potentially hijacking control of its execution flow.
An attacker can cause a remote device crash or execute arbitrary commands on it (RCE — Remote Code Execution). The vulnerability requires no authentication or user interaction.
Apply patches available from the manufacturer according to the references. As a temporary workaround, it is recommended to restrict access to the device management interface (web panel) exclusively to trusted hosts using firewall rules and isolate the device from untrusted network segments.
H3C N12 with firmware version V100R005
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HH3c N12
HWH3Cwszystkie wersjeH3c N12 Firmware
OSH3C100r005
Related vulnerabilities
Buffer overflow w H3C N12 – RCE przez funkcję edycji adresu MAC
Buffer overflow w H3C N12 — zdalne wykonanie kodu przez funkcję aktualizacji MAC
Buffer overflow w H3C N12 — RCE przez brak walidacji długości danych
Buffer overflow w H3C N12 — RCE przez POST request do /bin/webs
Błędna konfiguracja vsftpd w H3C M102G i BA1500L — przejęcie uprawnień root