Vulnerabilities > CVE-2022-28940 - Unspecified vulnerability in H3C Magic R100 Firmware V100R005

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

h3c

NVD

Published: 2022-05-04

Updated: 2023-08-08

Summary

In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be accessed without authorization. It sends a large amount of data through ajaxmsg to carry out DOS attack.

Vulnerable Configurations

Part	Description	Count
OS	H3C H3C Magic R100 Firmware - H3C Magic R100 Firmware V100R005	2
Hardware	H3C H3C Magic R100 -	1

References

https://github.com/zhefox/0day/blob/main/%E6%96%B0%E5%8D%8E%E4%B8%89magicR100%E5%AD%98%E5%9C%A8DOS%E6%94%BB%E5%87%BB%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90.md