CVE-2022-28940
HIGHH3C MagicR100 <=V100R005 - Unauthenticated Denial of Service via Ajax Interface
Title source: llmDescription
In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be accessed without authorization. It sends a large amount of data through ajaxmsg to carry out DOS attack.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/zhefox/0day/blob/main/%E6%96%B0%E5%8D%8E%E4%B8%89magicR100%E5%AD%98%E5%9C%A8DOS%E6%94%BB%E5%87%BB%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90.md
Scores
CVSS v3
7.5
EPSS
0.0030
EPSS Percentile
53.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (1)
h3c/magic_r100_firmware
< v100r005
Published
May 04, 2022
Tracked Since
Feb 18, 2026