An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsftpd. Through this vulnerability, all files uploaded anonymously via the FTP protocol is automatically owned by the root user and remote attackers could gain root-level control over the devices.
In the H3C M102G wireless controller (software version HM1A0V200R010) and BA1500L access point (SWBA1A0V100R006), the vsftpd server is improperly configured — files uploaded via FTP in anonymous mode are automatically assigned as root user ownership. The error is classified as CWE-276 (incorrect default permissions). An attacker can upload a malicious file via FTP without providing authentication credentials, and then — using the root privileges assigned to the uploaded file — take control of the device.
An unauthenticated remote attacker can obtain root-level privileges on the device, enabling complete takeover of the wireless network controller or access point, including configuration modification, network traffic interception, and further attacks on the infrastructure.
Apply patches available from the manufacturer according to the references. As an interim remedial measure, it is recommended to disable anonymous FTP access on devices or completely disable the vsftpd service if not required, and restrict access to the FTP port at the firewall level to trusted IP addresses only.
H3C M102G Wireless Controller with software HM1A0V200R010 and H3C Magic BA1500L Wireless Access Point with software SWBA1A0V100R006
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HH3c Magic Ba1500l
HWH3Cwszystkie wersjeH3c Magic Ba1500l Firmware
OSH3Cswba1a0v100r006H3c Mc102 G
HWH3Cwszystkie wersjeH3c Mc102 G Firmware
OSH3Chm1a0v200r010
Related vulnerabilities
Buffer overflow w H3C N12 — RCE przez brak walidacji długości danych
Buffer overflow w H3C N12 — zdalne wykonanie kodu przez funkcję aktualizacji MAC
Buffer overflow w H3C N12 – RCE przez funkcję edycji adresu MAC
Buffer overflow w H3C N12 — RCE przez sieć bezprzewodową 2.4G
Buffer overflow w H3C N12 — RCE przez POST request do /bin/webs