<0.1% probability · 14.2th percentile — 2026-05-12
Affected versions
H3C Magic B1 up to 100R004
Summary
This vulnerability affects the SetAPWifiorLedInfoById function in the /goform/aspForm endpoint of affected H3C devices. Remote attackers can trigger a buffer overflow by manipulating the param argument, potentially enabling arbitrary code execution on the target device. The exploit is publicly available, and the vendor has not responded to the disclosure.
Remediation
Isolate affected H3C Magic B1 devices from public and untrusted networks until an official patch is released. Check the official H3C security portal regularly for updates and apply any available patches immediately. Consider replacing affected devices if the vendor does not issue a fix within a reasonable timeframe.
Exploit info
This exploit has been publicly disclosed, with references to this issue documented in trusted public vulnerability databases. Potential exploit details can be searched in Exploit-DB or GitHub.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.