CVE-2024-57471

Name of the Vulnerable Software and Affected Versions H3C N12 version V100R005

Description The issue is due to a lack of length verification in the 2.4G wireless network processing function, leading to a buffer overflow. Attackers who successfully exploit this can cause the remote target device to crash or execute arbitrary commands by sending a POST request to "/bin/webs".

Recommendations For H3C N12 version V100R005, as a temporary workaround, consider restricting access to the "/bin/webs" endpoint until a patch is available. Avoid using this endpoint in the affected API until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.