CVE-2024-57482

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://h3c.com	Product
https://gist.github.com/XiaoCurry/d39f76a025df8b78a5f9e1aa48c16d18	Broken Link

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:h3c:n12_firmware:100r005:*:*:*:*:*:*:*

cpe:2.3:h:h3c:n12:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-01-14 22:15

Updated : 2025-05-27 17:00

NVD link : CVE-2024-57482

Mitre link : CVE-2024-57482

CVE.ORG link : CVE-2024-57482

JSON object : View

Products Affected

h3c

n12_firmware
n12

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2024-57482", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-01-14T22:15:28.627", "references": [{"url": "http://h3c.com", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://gist.github.com/XiaoCurry/d39f76a025df8b78a5f9e1aa48c16d18", "tags": ["Broken Link"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs."}, {"lang": "es", "value": " H3C N12 V100R005 contiene una vulnerabilidad de desbordamiento de b\u00fafer debido a la falta de verificaci\u00f3n de longitud en la funci\u00f3n de procesamiento de la red inal\u00e1mbrica 5G. Los atacantes que aprovechen esta vulnerabilidad con \u00e9xito pueden provocar que el dispositivo de destino remoto se bloquee o ejecute comandos arbitrarios enviando una solicitud POST a /bin/webs."}], "lastModified": "2025-05-27T17:00:34.107", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:h3c:n12_firmware:100r005:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1C866E0-A636-473B-8B85-3EF6FF2B1458"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:h3c:n12:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C322C730-9A54-4597-A8F9-0F156C10E299"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}