- Description
- A vulnerability, which was classified as critical, was found in H3C Magic NX30 Pro up to V100R007. This affects an unknown part of the file /api/wizard/getNetworkStatus of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used.
- Source
- cna@vuldb.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 8.6
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 8
- Impact score
- 5.9
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Secondary
- Base score
- 7.7
- Impact score
- 10
- Exploitability score
- 5.1
- Vector string
- AV:A/AC:L/Au:S/C:C/I:C/A:C
- cna@vuldb.com
- CWE-74
- Hype score
- Not currently trending
🚨 CVE-2025-2727 🔴 HIGH (8.7) 🏢 H3C - Magic NX30 Pro 🏗️ V100R007 🔗 https://t.co/3aNnn7KQQy 🔗 https://t.co/H5TMoGJ7pN 🔗 https://t.co/T8Bf5PdMQN 🔗 https://t.co/y3Po5orGWK #CyberCron #VulnAlert #InfoSec https://t.co/Qu0xefd3lj
@cybercronai
26 Mar 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
�� CVE-2025-2727 - H3C Magic NX30 Pro - HIGH 🚨 🗓️ Date published 2025-03-25 03:15:16 UTC #H3CMagicNX30Pro #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/qq4H0nBbAQ
@vulns_space
25 Mar 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-2727: HIGH] Critical vulnerability in H3C Magic NX30 Pro up to V100R007 discovered in /api/wizard/getNetworkStatus, allowing command injection remotely. Vendor notified but unresponsive.#cybersecurity,#vulnerability https://t.co/nlIpsxZp1p https://t.co/0DaEQvhiCP
@CveFindCom
25 Mar 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2025-2727 | H3C Magic NX30 Pro up to V100R007 HTTP POST Request getNetworkStatus command injection) has been published on https://t.co/Kz1g0GZhmK
@WolfgangSesin
24 Mar 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes