CVE-2025-61330

Name of the Vulnerable Software and Affected Versions H3C Magic-branded devices (affected versions not specified)

Description A security issue exists in H3C Magic-branded devices due to a hard-coded weak password for the root account, or the absence of a password, in the /etc/shadow configuration. The Telnet service is enabled by default or can be enabled through device management interfaces such as /debug.asp or /debug telnet.asp. Virtual Servers can map the devices to the public network, increasing the risk of remote attacks. Attackers can potentially gain root privileges through the Telnet service using the weak password or by exploiting the lack of a password.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.