CVE-2024-57482
Published: 14 January 2025
Description
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs.
Security Summary
CVE-2024-57482 is a buffer overflow vulnerability (CWE-120) affecting H3C N12 V100R005, caused by a lack of length verification in the 5G wireless network processing function. The vulnerability resides in the web interface component accessible at /bin/webs, where improper handling of input can lead to memory corruption. Published on 2025-01-14, it has a CVSS v3.1 base score of 9.8, reflecting its critical severity.
Unauthenticated remote attackers can exploit this vulnerability by sending a specially crafted POST request to /bin/webs on a vulnerable device. Successful exploitation allows the attacker to cause a denial-of-service condition by crashing the remote target device or, in more severe cases, execute arbitrary commands, granting high levels of confidentiality, integrity, and availability impact.
Mitigation guidance is available in vendor advisories and related resources, including the H3C security bulletin at http://h3c.com and a detailed analysis in the GitHub gist at https://gist.github.com/XiaoCurry/d39f76a025df8b78a5f9e1aa48c16d18. Security practitioners should consult these for patch availability and workarounds specific to H3C N12 V100R005 deployments.
Details
- CWE(s)