Description
A weakness has been identified in H3C Magic B1 up to 100R004. The affected element is the function sub_44de0 of the file /goform/aspForm. This manipulation of the argument param causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
References (5)
Core 5
Core References
Permissions Required, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.334616
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.334616
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.699387
Various Sources related
https://github.com/lin-3-start/lin-cve/blob/main/H3C%20Magic%20B1/H3C%20Magic%20B1.md
Scores
CVSS v3
8.8
EPSS
0.0008
EPSS Percentile
24.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-119
CWE-120
Status
published
Products (1)
H3C/Magic B1
100R004
Published
Dec 07, 2025
Tracked Since
Feb 18, 2026