CRITICAL🇵🇱 Wersja polska

CVE-2024-57479

CVSS 9.8v3.1pub. 2025-01-14upd. 2026-07-05

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.

🤖 AI Analysis
How it works

The MAC address update function in the device firmware does not verify the length of input data (CWE-120 — classic buffer overflow). An attacker can send a crafted HTTP POST request to the /bin/webs endpoint with an excessively long value, causing a buffer overflow in memory. As a result, it is possible to overwrite process control data and seize control of code execution on the remote device.

Impact

An attacker without any authentication can cause a crash of the network device or execute arbitrary system commands (RCE), gaining full control over the device.

Mitigation & patch

Patches available from the manufacturer should be applied according to references. Until the fix is implemented, it is recommended to restrict access to the device management interface (HTTP/HTTPS port) only to trusted hosts using a firewall or ACL lists, and to avoid exposing the management interface on a public network.

Who is affected

H3C N12 with firmware version V100R005

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • H3c N12

    HW
    H3C
    wszystkie wersje
  • H3c N12 Firmware

    OS
    H3C
    100r005
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2024-57471CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w H3C N12 — RCE przez sieć bezprzewodową 2.4G

CVE-2024-57473CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w H3C N12 – RCE przez funkcję edycji adresu MAC

CVE-2024-57480CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w H3C N12 — RCE przez brak walidacji długości danych

CVE-2024-57482CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w H3C N12 — RCE przez POST request do /bin/webs

CVE-2025-60262CRITICAL9.8PL ✓ten sam vendor

Błędna konfiguracja vsftpd w H3C M102G i BA1500L — przejęcie uprawnień root