CVE Catalog

CVE-2024-57482

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.73%

50th percentile - higher than 50% of all known CVEs

Summary

A buffer overflow vulnerability was found in the H3C N12 V100R005 device within the 5G wireless network processing function. The lack of length validation allows an attacker to remotely crash the device or execute arbitrary commands by sending a POST request to /bin/webs.

Risk Assessment

The risk includes remote code execution and denial of service, potentially leading to network disruption, data theft, or using the device as an entry point for further attacks.

Recommendation

Immediately update the H3C N12 firmware to the latest version that fixes this vulnerability. If no update is available, restrict management interface access to trusted IP addresses only.

Original NVD description (English source)

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS