Critical Buffer Overflow Vulnerability in H3C Magic B0 Devices

Severity: High (Score: 72.0)

Sources: www.redpacketsecurity.com, db.gcve.eu, www.thehackerwire.com, nitter.net, Feedly

Summary

A high-severity buffer overflow vulnerability, CVE-2026-6560, has been identified in H3C Magic B0 devices running firmware versions up to 100R002. The vulnerability affects the Edit_BasicSSID function in the /goform/aspForm file, allowing authenticated attackers to exploit it remotely with low privileges. Successful exploitation can lead to significant impacts on confidentiality, integrity, and availability, including memory corruption and unauthorized data access. The exploit has been publicly disclosed, and a proof-of-concept is available, raising the likelihood of exploitation attempts. Patches have been released, and immediate action is recommended to secure affected devices. The vendor, H3C, has not responded to inquiries regarding this issue. Security professionals are advised to implement strong authentication controls and monitor network traffic for suspicious activities. The CVSS score for this vulnerability is 8.8.

Key Points:

  • CVE-2026-6560 is a critical buffer overflow vulnerability in H3C Magic B0 devices.
  • Exploitation can lead to severe impacts, including unauthorized access and denial of service.
  • Immediate patching and enhanced security measures are essential to mitigate risks.

Key Entities

  • Data Breach (attack_type)
  • CVE-2026-6560 (cve)
  • CVE-2026-6563 (cve)
  • CWE-119 - Improper Restriction Of Operations Within Memory Buffer (cwe)
  • CWE-120 - Classic Buffer Overflow (cwe)
  • CWE-122 - Heap-based Buffer Overflow (cwe)
  • T1190 - Exploit Public-Facing Application (mitre_attack)
  • H3C Magic B0 (platform)