CVE-2025-3546

HIGH

H3C Magic NX15, NX30 Pro, NX400, R3010, BE18000 < V100R014 - Command Injection via FCGI_CheckStringIfContainsSemicolon

Title source: llm

Description

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getLanguage of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.304585

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.304585

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.524745

Broken Link exploit

https://gist.github.com/isstabber/154661f329e4ae6bfe15dcdc0b932ff3

Vendor Advisory related

https://zhiliao.h3c.com/theme/details/229784

Product patch

https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/

Scores

CVSS v3 8.0

EPSS 0.0020

EPSS Percentile 41.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-74 CWE-77

Status published

Products (5)

h3c/magic_be18000_firmware < 100r014

h3c/magic_nx15_firmware < 100r014

h3c/magic_nx30_pro_firmware < 100r014

h3c/magic_nx400_firmware < 100r014

h3c/magic_r3010_firmware < 100r014

Published Apr 14, 2025

Tracked Since Feb 18, 2026