H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
The MAC address update function in the device firmware does not verify the length of input data (CWE-120 — classic buffer overflow). An attacker can send a crafted HTTP POST request to the /bin/webs endpoint with an excessively long value, causing a buffer overflow in memory. As a result, it is possible to overwrite process control data and seize control of code execution on the remote device.
An attacker without any authentication can cause a crash of the network device or execute arbitrary system commands (RCE), gaining full control over the device.
Patches available from the manufacturer should be applied according to references. Until the fix is implemented, it is recommended to restrict access to the device management interface (HTTP/HTTPS port) only to trusted hosts using a firewall or ACL lists, and to avoid exposing the management interface on a public network.
H3C N12 with firmware version V100R005
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HH3c N12
HWH3Cwszystkie wersjeH3c N12 Firmware
OSH3C100r005
Related vulnerabilities
Buffer overflow w H3C N12 — RCE przez sieć bezprzewodową 2.4G
Buffer overflow w H3C N12 – RCE przez funkcję edycji adresu MAC
Buffer overflow w H3C N12 — RCE przez brak walidacji długości danych
Buffer overflow w H3C N12 — RCE przez POST request do /bin/webs
Błędna konfiguracja vsftpd w H3C M102G i BA1500L — przejęcie uprawnień root