CVE-2026-15479

HIGH

H3C NX15 Administrator Password Modification Endpoint modify change_passwd password recovery

Title source: cna
STIX 2.1

Description

A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function change_passwd of the file /api/login/modify of the component Administrator Password Modification Endpoint. The manipulation of the argument newPass results in weak password recovery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure.

References (5)

Core 5
Core References
Vdb Entry, Technical Description vdb-entry technical-description
VDB-377785 | H3C NX15 Administrator Password Modification Endpoint modify change_passwd password recovery
https://vuldb.com/vuln/377785
Signature, Permissions Required signature permissions-required
VDB-377785 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/377785/cti
Third Party Advisory third-party-advisory
CVE-2026-15479 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-15479
Third Party Advisory third-party-advisory
Submit #837069 | H3C NX15 V100R017 Incorrect Access Control
https://vuldb.com/submit/837069

Scores

CVSS v3 7.3
EPSS 0.0028
EPSS Percentile 19.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-640
Status published
Products (1)
H3C/NX15 V100R017
Published Jul 12, 2026
Tracked Since Jul 12, 2026