CVE-2025-2728
HIGHH3C Magic NX30 Pro & Magic NX400 <V100R014 - Command Injection
Title source: llmDescription
A vulnerability has been found in H3C Magic NX30 Pro and Magic NX400 up to V100R014 and classified as critical. This vulnerability affects unknown code of the file /api/wizard/getNetworkConf. The manipulation leads to command injection. The attack needs to be approached within the local network. It is recommended to upgrade the affected component.
References (6)
Core 6
Core References
Permissions Required, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.300748
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.300748
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.520462
Various Sources broken-link
https://github.com/RK1Y8/cve_cve/blob/main/h3c.md
Various Sources related
https://zhiliao.h3c.com/theme/details/229784
Various Sources patch
https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/
Scores
CVSS v3
8.0
EPSS
0.0033
EPSS Percentile
56.0%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-74
CWE-77
Status
published
Products (2)
H3C/Magic NX30 Pro
V100R014
H3C/Magic NX400
V100R014
Published
Mar 25, 2025
Tracked Since
Feb 18, 2026