CVE-2024-57479
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk41th percentile - higher than 41% of all known CVEs
Summary
A buffer overflow vulnerability was found in the H3C N12 V100R005 device in the MAC address update function. Lack of length validation allows an attacker to remotely crash the device or execute arbitrary code by sending a POST request to /bin/webs.
Risk Assessment
The risk for the organization includes remote takeover of the network device, potentially leading to network disruption, data theft, or using the device as an entry point for further attacks.
Recommendation
It is recommended to immediately update the H3C N12 firmware to the latest version that fixes this vulnerability. If an update is not available, restrict access to the management interface to trusted IP addresses only.
Original NVD description (English source)
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.

