CVE-2024-57480

Name of the Vulnerable Software and Affected Versions H3C N12 version V100R005

Description The issue is due to a lack of length verification in the AP configuration function, leading to a buffer overflow. Attackers can exploit this by sending a POST request to "/bin/webs" to cause the remote target device to crash or execute arbitrary commands.

Recommendations For H3C N12 version V100R005, consider disabling the AP configuration function until a patch is available to prevent exploitation. Restrict access to the "/bin/webs" endpoint to minimize the risk of remote command execution. Avoid using the AP configuration function in production environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.