CVE-2022-28940

Name of the Vulnerable Software and Affected Versions H3C MagicR100 versions V100R005 and earlier

Description The issue allows unauthorized access to the "/Ajax/ajaxget" interface. It can be exploited by sending a large amount of data through ajaxmsg to carry out a denial-of-service (DOS) attack. A DOS attack is a type of cyberattack where an attacker attempts to make a computer or network resource unavailable by overwhelming it with a large amount of traffic.

Recommendations For H3C MagicR100 versions V100R005 and earlier, as a temporary workaround, consider restricting access to the "/Ajax/ajaxget" interface until a patch is available. Avoid using the ajaxmsg variable in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.