Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-2727

A vulnerability, which was classified as critical, was found in H3C Magic NX30 Pro up to V100R007. This affects an unknown part of the file /api/wizard/getNetworkStatus of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Published

2025-03-25T03:15:16.450

Last Modified

2025-04-11T20:15:23.200

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 8.0 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:S/C:C/I:C/A:C

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

5.1

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-74
CWE-77

Affected Vendors & Products

References

https://github.com/ggstrunk/CVE/blob/main/wizard_getNetworkStatus.md ([email protected])
https://vuldb.com/?ctiid.300747 ([email protected])
https://vuldb.com/?id.300747 ([email protected])
https://vuldb.com/?submit.520394 ([email protected])
https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/ ([email protected])
https://zhiliao.h3c.com/theme/details/229784 ([email protected])