CVE-2024-57479

CRITICAL

9.8

Description

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published1/14/2025

Last Modified5/27/2025

Sourcenvd

Honeypot Sightings0

Affected Products

h3c:n12h3c:n12_firmware

Weaknesses (CWE)

CWE-120

References

http://h3c.com(cve@mitre.org)

https://gist.github.com/XiaoCurry/c7214be67a44a4a8858c5138ecd05984(cve@mitre.org)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.