H200 Firmware
CVE-2022-37093
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function AddMacList.
AnalysisAI
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function AddMacList. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. H3C H200 H200V100R004 was discovered to contain a stack overflow via the function AddMacList. Affected products include: H3C H200 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).
More in H200 Firmware
View allH3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateMacClone. Rated critical severit
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateSnat. Rated critical severity (C
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateIpv6Params. Rated critical sever
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAPInfoById. Rated critical severity
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function EnableIpv6. Rated critical severity (C
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateWanParams. Rated critical severi
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Edit_BasicSSID_5G. Rated critical seve
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById. Rated critical
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function EditWlanMacList. Rated critical severi
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Edit_BasicSSID. Rated critical severit
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function EditMacList. Rated critical severity (
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAP5GWifiById. Rated critical severi
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today