Buffer Overflow Vulnerability in H3C N12 Product
CVE-2024-57479

9.8CRITICAL

Key Information:

Vendor: H3C
Status: N12 Firmware
Vendor: CVE Published:; 14 January 2025

What is CVE-2024-57479?

The H3C N12 V100R005 product is susceptible to a buffer overflow vulnerability resulting from inadequate length verification within its MAC address update function. Attackers can exploit this flaw to launch remote attacks by sending specially crafted POST requests to the /bin/webs endpoint, potentially causing device crashes or executing arbitrary commands. Users of the affected product should take immediate action to secure their systems against this type of vulnerability.

References

http://h3c.com

https://gist.github.com/XiaoCurry/c7214be67a44a4a8858c513...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 14, 2025