Xiaopolanzi

**Name of the Vulnerable Software and Affected Versions** H3C Magic NX30 Pro and Magic NX400 up to V100R014 **Description** A critical vulnerability has been found in the unknown code of the file /api/wizard/getNetworkConf, which leads to command injection. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For H3C Magic NX30 Pro and Magic NX400 up to V100R014, consider disabling access to the /api/wizard/getNetworkConf API endpoint until a patch is available. Restrict access to the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.