CVE-2026-10259

HIGH

H3C Magic B0 aspForm SetMobileAPInfoById stack-based overflow

Title source: cna

Description

A security vulnerability has been detected in H3C Magic B0 up to 100R002. The affected element is the function SetMobileAPInfoById of the file /goform/aspForm. Such manipulation of the argument param leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (6)

Core 6

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-367539 | H3C Magic B0 aspForm SetMobileAPInfoById stack-based overflow

https://vuldb.com/vuln/367539

Signature, Permissions Required signature permissions-required

VDB-367539 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/vuln/367539/cti

Third Party Advisory third-party-advisory

CVE-2026-10259 | CVE Analysis and Report

https://vuldb.com/cve/CVE-2026-10259

Third Party Advisory third-party-advisory

Submit #824402 | H3C Magic B0 <=100R002 Buffer Overflow

https://vuldb.com/submit/824402

Related related

https://github.com/666324/H3C-Magic-B0-vuln

View Writeup ZIP pw:eip

Exploit exploit

https://github.com/666324/H3C-Magic-B0-vuln/tree/main/H3C-Magic%20B0-vuln

View Exploit ZIP pw:eip

Scores

CVSS v3 8.8

EPSS 0.0081

EPSS Percentile 51.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119 CWE-121

Status published

Products (1)

H3C/Magic B0 100R002

Published Jun 01, 2026

Tracked Since Jun 01, 2026