Remote Code Execution Vulnerability in H3C Magic M Device
CVE-2025-57578

8HIGH

Key Information:

Vendor

H3C
Status
Magic M Device
Vendor
CVE Published:
12 September 2025

What is CVE-2025-57578?

A security flaw in the H3C Magic M Device M2V100R006 allows remote attackers to exploit default password configurations, enabling the execution of arbitrary code. This vulnerability emphasizes the need for users to change default credentials to secure their IoT devices effectively.

References

https://github.com/XXRicardo/iot-cve/blob/main/H3C/M2V100...

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-57578 : Remote Code Execution Vulnerability in H3C Magic M Device