Description
A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-19
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: Remote code execution via buffer overflow
Action: Apply Patch
AI Analysis

Impact

A buffer overflow exists in the Edit_BasicSSID function of the H3C Magic B0's /goform/aspForm endpoint. This flaw can be triggered by malformed input in the param argument, allowing an attacker to write memory beyond the intended bounds and potentially execute arbitrary code. The weakness is identified by CWE‑119 and CWE‑120 and could compromise the device if exploited.

Affected Systems

The flaw affects H3C Magic B0 devices running firmware up to 100R002. The product is typically deployed in network environments as a wireless gateway or access point.

Risk and Exploitability

The CVSS score is 8.7, indicating a high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The vendor did not respond to the initial disclosure, and the exploit has been publicly disclosed, suggesting a potential threat vector over the network to the device's management interface.

Generated by OpenCVE AI on April 19, 2026 at 08:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device firmware to a version released after 100R002 or that explicitly includes the buffer‑overflow fix when an official patch becomes available.
  • If no patch exists, restrict remote access to the management interface by blocking HTTP/HTTPS access from untrusted networks or limiting the set of allowed IP addresses through firewall or ACL rules.
  • Contact H3C support to obtain an official security advisory or temporary mitigation recommendations, and monitor the device for anomalous activity that could indicate exploitation attempts.

Generated by OpenCVE AI on April 19, 2026 at 08:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 19 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared H3c
H3c magic B0
Vendors & Products H3c
H3c magic B0

Sun, 19 Apr 2026 07:00:00 +0000

Type Values Removed Values Added
Description A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title H3C Magic B0 aspForm Edit_BasicSSID buffer overflow
Weaknesses CWE-119
CWE-120
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

H3c Magic B0
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-19T06:45:14.514Z

Reserved: 2026-04-18T15:54:54.172Z

Link: CVE-2026-6560

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-19T07:16:05.973

Modified: 2026-04-19T07:16:05.973

Link: CVE-2026-6560

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-19T09:30:22Z

Weaknesses