Description
A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaa_portal_auth_local_submit. The manipulation of the argument suffix results in command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor is investigating and remediating this issue.
Published: 2026-03-11
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Command Injection (Remote Code Execution)
Action: Immediate Patch
AI Analysis

Impact

The vulnerability allows an attacker to inject arbitrary operating‑system commands into the command line that H3C ACG1000‑AK230 executes when the /webui/?aaa_portal_auth_local_submit endpoint processes the 'suffix' argument. The injection is possible because the input is not properly validated, resulting in a classic command‑injection weakness identified as CWE‑74 and CWE‑77. Successful exploitation lets the attacker execute arbitrary code with the privileges of the web service, potentially compromising the entire device.

Affected Systems

Affected systems are H3C ACG1000‑AK230 routers and switches running firmware versions up to 20260227. The path /webui/?aaa_portal_auth_local_submit is part of the web management interface. No specific sub‑version details are listed beyond the maximum release date.

Risk and Exploitability

The CVSS score of 6.9 indicates medium to high severity. The EPSS score of less than 1% suggests a low probability of exploitation in the wild, although public exploits are available. According to the description, the vulnerability can be triggered remotely and without authentication, which raises the potential impact. The issue is not listed in CISA’s KEV catalog, so no exploitation campaign is currently reported, but the public proof‑of‑concept demonstrates the risk.

Generated by OpenCVE AI on March 17, 2026 at 16:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply official patch or firmware update when released by H3C.
  • If a patch is not available immediately, disable or restrict access to the /webui interface from untrusted networks.
  • Enable network segmentation and limit management traffic to trusted IP ranges.
  • Monitor system logs for abnormal command‑execution activity.
  • Consider implementing a web application firewall that blocks suspicious payloads targeting the 'suffix' parameter.

Advisories

No advisories yet.

History

Thu, 12 Mar 2026 10:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | H3c; H3c acg1000-ak230 |
| Vendors & Products | | H3c; H3c acg1000-ak230 |

Thu, 12 Mar 2026 08:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaa_portal_auth_local_submit. The manipulation of the argument suffix results in command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaa_portal_auth_local_submit. The manipulation of the argument suffix results in command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor is investigating and remediating this issue. |

Wed, 11 Mar 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Wed, 11 Mar 2026 12:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaa_portal_auth_local_submit. The manipulation of the argument suffix results in command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| Title | | H3C ACG1000-AK230 aaa_portal_auth_local_submit command injection |
| Weaknesses | | CWE-74; CWE-77 |
| References | | |
| Metrics | | cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'} |
| | | cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'} |
| | | cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'} |
| | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'} |

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-12T07:43:55.298Z

Reserved: 2026-03-11T06:35:18.972Z

Link: CVE-2026-3943

Vulnrichment

Updated: 2026-03-11T14:12:03.098Z

NVD

Status: Awaiting Analysis

Published: 2026-03-11T13:16:11.470

Modified: 2026-03-12T08:16:10.090

Link: CVE-2026-3943

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T14:37:21Z

Weaknesses