Buffer Overflow Vulnerability in H3C N12 Router
CVE-2024-57480

9.8CRITICAL

Key Information:

Vendor: H3C
Status: N12 Firmware
Vendor: CVE Published:; 14 January 2025

What is CVE-2024-57480?

The H3C N12 V100R005 router has a buffer overflow vulnerability which arises from inadequate length verification in the access point configuration function. This flaw can be exploited by attackers to send specially crafted POST requests to the device's /bin/webs endpoint, potentially leading to a crash of the remote target or unauthorized execution of arbitrary commands.

References

http://h3c.com

https://gist.github.com/XiaoCurry/16213a4d68f95f17cd0fc2c...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 14, 2025