PT-2025-3451 · H3C · H3C N12
Published
2025-01-14
·
Updated
2025-03-20
·
CVE-2024-57473
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
H3C N12 version V100R005
Description
The issue is due to a lack of length verification in the mac address editing function, which can cause a buffer overflow. Attackers who successfully exploit this can cause the remote target device to crash or execute arbitrary commands by sending a POST request to "/bin/webs".
Recommendations
For H3C N12 version V100R005, consider disabling the mac address editing function until a patch is available. Restrict access to the "/bin/webs" endpoint to minimize the risk of exploitation. Avoid using the mac address editing function in the affected device until the issue is resolved.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
H3C N12