Leeyper

**Name of the Vulnerable Software and Affected Versions** H3C ACG1000-AK230 versions up to 20260227 **Description** A flaw exists in H3C ACG1000-AK230 that allows for command injection. The issue is located in an unknown part of the file `/webui/?aaa portal auth local submit`. Manipulation of the `suffix` argument in this file can lead to remote code execution. The exploit for this issue has been publicly released. **Recommendations** Versions up to 20260227 should be updated when a fix becomes available. As a temporary workaround, consider restricting access to the `/webui/?aaa portal auth local submit` file to minimize the risk of exploitation.