PT-2025-16187 · H3C · H3C Magic Nx30 Pro+4
Mono7S
·
Published
2025-04-13
·
Updated
2026-02-10
·
CVE-2025-3546
CVSS v4.0
8.6
High
| Vector | AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
H3C Magic NX15 versions up to V100R014
H3C Magic NX30 Pro versions up to V100R014
H3C Magic NX400 versions up to V100R014
H3C Magic R3010 versions up to V100R014
H3C Magic BE18000 versions up to V100R014
Description:
A critical issue has been found, affecting the function
FCGI CheckStringIfContainsSemicolon of the file "/api/wizard/getLanguage" in the component HTTP POST Request Handler. This leads to command injection. The attack can only be done within the local network.Recommendations:
For H3C Magic NX15 versions up to V100R014, upgrade the affected component.
For H3C Magic NX30 Pro versions up to V100R014, upgrade the affected component.
For H3C Magic NX400 versions up to V100R014, upgrade the affected component.
For H3C Magic R3010 versions up to V100R014, upgrade the affected component.
For H3C Magic BE18000 versions up to V100R014, upgrade the affected component.
As a temporary workaround, consider disabling the
FCGI CheckStringIfContainsSemicolon function until a patch is available.
Restrict access to the "/api/wizard/getLanguage" endpoint to minimize the risk of exploitation.Exploit
Fix
Special Elements Injection
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
H3C Magic Be18000
H3C Magic Nx15
H3C Magic Nx30 Pro
H3C Magic Nx400
H3C Magic R3010