CVE-2025-2728

8.0 HIGH

Published: March 25, 2025 Modified: April 15, 2026

Description

A vulnerability has been found in H3C Magic NX30 Pro and Magic NX400 up to V100R014 and classified as critical. This vulnerability affects unknown code of the file /api/wizard/getNetworkConf. The manipulation leads to command injection. The attack needs to be approached within the local network. It is recommended to upgrade the affected component.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://github.com/RK1Y8/cve_cve/blob/main/h3c.md

Source: cna@vuldb.com

https://vuldb.com/?ctiid.300748

Source: cna@vuldb.com

https://vuldb.com/?id.300748

Source: cna@vuldb.com

https://vuldb.com/?submit.520462

Source: cna@vuldb.com

https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/

Source: cna@vuldb.com

https://zhiliao.h3c.com/theme/details/229784

Source: cna@vuldb.com

6 reference(s) from NVD

Quick Stats

CVSS v3 Score

8.0 / 10.0

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-74 CWE-77

Related CVEs

CVE-2026-6398 N/A

CVE-2026-40261 8.8

CVE-2026-40186 6.1

CVE-2026-40176 7.8

CVE-2026-40173 9.4