H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
The vulnerability (CWE-120) results from lack of input length validation in the 5G network handling function. An attacker sends a specially crafted HTTP POST request to the /bin/webs endpoint, causing a buffer overflow in the device memory. Overwriting memory areas allows code execution redirection or system crash.
An attacker can remotely execute arbitrary system commands (RCE) on the device or cause its complete shutdown, resulting in loss of network availability.
Apply patches available from the manufacturer according to the references. It is recommended to restrict access to the device management interface exclusively to trusted hosts and disable exposure of the administrative panel on untrusted networks until updates are implemented.
H3C N12 with firmware version V100R005
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HH3c N12
HWH3Cwszystkie wersjeH3c N12 Firmware
OSH3C100r005
Related vulnerabilities
Buffer overflow w H3C N12 — RCE przez sieć bezprzewodową 2.4G
Buffer overflow w H3C N12 – RCE przez funkcję edycji adresu MAC
Buffer overflow w H3C N12 — zdalne wykonanie kodu przez funkcję aktualizacji MAC
Buffer overflow w H3C N12 — RCE przez brak walidacji długości danych
Błędna konfiguracja vsftpd w H3C M102G i BA1500L — przejęcie uprawnień root