CVE-2026-15479
HIGHH3C NX15 Administrator Password Modification Endpoint modify change_passwd password recovery
Title source: cnaDescription
A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function change_passwd of the file /api/login/modify of the component Administrator Password Modification Endpoint. The manipulation of the argument newPass results in weak password recovery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure.
References (5)
Core 5
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-377785 | H3C NX15 Administrator Password Modification Endpoint modify change_passwd password recovery
https://vuldb.com/vuln/377785
Signature, Permissions Required signature
permissions-required
VDB-377785 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/377785/cti
Third Party Advisory third-party-advisory
CVE-2026-15479 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-15479
Third Party Advisory third-party-advisory
Submit #837069 | H3C NX15 V100R017 Incorrect Access Control
https://vuldb.com/submit/837069
Scores
CVSS v3
7.3
EPSS
0.0028
EPSS Percentile
19.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-640
Status
published
Products (1)
H3C/NX15
V100R017
Published
Jul 12, 2026
Tracked Since
Jul 12, 2026