CVE-2025-2730
Published: 25 March 2025
Description
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.
Security Summary
CVE-2025-2730 is a critical command injection vulnerability affecting H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010, and Magic BE18000 routers running versions up to V100R014. The issue resides in an unknown function within the /api/wizard/getssidname endpoint of the HTTP POST Request Handler component, classified under CWE-74 and CWE-77. It carries a CVSS v3.1 base score of 8.0.
Exploitation requires an attacker to be within the local network (AV:A) with low privileges (PR:L) and no user interaction (UI:N). Successful manipulation of the vulnerable endpoint enables command injection, potentially granting high-impact confidentiality, integrity, and availability compromises (C:H/I:H/A:H) on the affected device.
Advisories, including those from VulDB and H3C's software download portal, recommend upgrading the affected component to mitigate the vulnerability. The exploit has been publicly disclosed and may be in use.
The vulnerability's public disclosure increases the risk of active exploitation within local networks.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection in the router's HTTP API endpoint directly enables exploitation of the remote web service (T1210) and arbitrary command execution on the network device via its CLI (T1059.008).