CVE-2026-3943

Name of the Vulnerable Software and Affected Versions H3C ACG1000-AK230 versions up to 20260227

Description A flaw exists in H3C ACG1000-AK230 that allows for command injection. The issue is located in an unknown part of the file /webui/?aaa portal auth local submit. Manipulation of the suffix argument in this file can lead to remote code execution. The exploit for this issue has been publicly released.

Recommendations Versions up to 20260227 should be updated when a fix becomes available. As a temporary workaround, consider restricting access to the /webui/?aaa portal auth local submit file to minimize the risk of exploitation.