CVE-2024-57479

Name of the Vulnerable Software and Affected Versions H3C N12 version V100R005

Description The issue is due to a lack of length verification in the mac address update function, leading to a buffer overflow. Attackers who successfully exploit this can cause the remote target device to crash or execute arbitrary commands by sending a POST request to "/bin/webs".

Recommendations For H3C N12 version V100R005, as a temporary workaround, consider restricting access to the "/bin/webs" endpoint until a patch is available. Additionally, disabling the mac address update function can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.