- Description
- A vulnerability has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014 and classified as critical. This vulnerability affects the function FCGI_WizardProtoProcess of the file /api/wizard/setsyncpppoecfg of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
- Source
- cna@vuldb.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 8.6
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 8
- Impact score
- 5.9
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Secondary
- Base score
- 7.7
- Impact score
- 10
- Exploitability score
- 5.1
- Vector string
- AV:A/AC:L/Au:S/C:C/I:C/A:C
- cna@vuldb.com
- CWE-74
- Hype score
- Not currently trending
🚨 Critical Alert: CVE-2025-3543 in H3C Magic devices (NX15, NX30 Pro, NX400, R3010 up to V100R014)! 🔍 Command injection via FCGI_WizardProtoProcess in HTTP POST requests. ⚠️ Local network access needed. Exploit public! 🚫 Act NOW & upgrade! Stay safe! 🔒 #CyberSecurity
@SecAideInfo
16 Apr 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
�� CVE-2025-3543 - Jenkins - HIGH 🚨 🗓️ Date published 2025-04-14 01:15:13 UTC #Jenkins #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/xNgdUw5IPZ
@vulns_space
14 Apr 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3543 A vulnerability has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014 and classified as critical. This vulnerability affects the … https://t.co/TkxHMubZsG
@CVEnew
14 Apr 2025
768 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[CVE-2025-3543: HIGH] Critical vulnerability found in H3C products like Magic NX15, NX30 Pro, NX400, R3010 up to V100R014 allows command injection via HTTP POST Request Handler. Upgrade recommended.#cybersecurity,#vulnerability https://t.co/ax4819AT2R https://t.co/DZ10j2LYrz
@CveFindCom
14 Apr 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes