CRITICAL🇵🇱 Wersja polska

CVE-2024-38902

CVSS 9.8v3.1pub. 2024-06-24upd. 2025-05-27

H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

🤖 AI Analysis
How it works

The firmware of the H3C Magic R230 V100R002 device contains a fixed, predefined password stored in the /etc/shadow file responsible for storing system user authentication data. An attacker who knows or discovers this password (e.g., through firmware image analysis) can use it to log in to the root account directly on the device. Since the password is identical across all device instances with this software version, compromising one device allows attacks on all other devices with this firmware version.

Impact

An attacker gains full administrative (root) access to the device, enabling complete control over it, modification of network configuration, installation of malicious software, and potential use of the device as an entry point to the internal network (lateral movement).

Mitigation & patch

Apply patches available from the manufacturer according to the references. As an interim measure, it is recommended to isolate the device from public network access, disable unnecessary remote access services, and monitor login attempts to the root account.

Who is affected

H3C Magic R230 with firmware version V100R002

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • H3c Magic R230

    HW
    H3C
    wszystkie wersje
  • H3c Magic R230 Firmware

    OS
    H3C
    100r002
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-38903MEDIUM4.1ten sam produkt

H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands.

CVE-2025-60262CRITICAL9.8PL ✓ten sam vendor

Błędna konfiguracja vsftpd w H3C M102G i BA1500L — przejęcie uprawnień root

CVE-2024-57473CRITICAL9.8PL ✓ten sam vendor

Buffer overflow w H3C N12 – RCE przez funkcję edycji adresu MAC

CVE-2024-57471CRITICAL9.8PL ✓ten sam vendor

Buffer overflow w H3C N12 — RCE przez sieć bezprzewodową 2.4G

CVE-2024-57479CRITICAL9.8PL ✓ten sam vendor

Buffer overflow w H3C N12 — zdalne wykonanie kodu przez funkcję aktualizacji MAC