CVE Catalog

CVE-2024-57473

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.73%

50th percentile - higher than 50% of all known CVEs

Summary

A buffer overflow vulnerability was discovered in the H3C N12 device running firmware version V100R005, specifically in the MAC address editing function. The lack of input length validation allows an attacker to send a crafted POST request to /bin/webs, potentially causing a device crash or arbitrary code execution.

Risk Assessment

The risk to the organization includes potential compromise of the network device, which could lead to network disruption, data theft, or use of the device as a pivot point for further attacks.

Recommendation

It is recommended to immediately update the H3C N12 firmware to the latest available version that addresses this vulnerability. Until the update is applied, restrict access to the device management interface to trusted IP addresses only.

Original NVD description (English source)

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS