What is the CVSS score of CVE-2026-3701?

CVE-2026-3701 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Magic B1 Firmware are affected by CVE-2026-3701?

A high-severity vulnerability (CVSS 8.8) has been identified in H3C Magic B1 wireless devices that could allow unauthorized attackers to modify critical WiFi configuration settings.

Is there a public PoC exploit available for CVE-2026-3701?

Yes, a public proof-of-concept exploit is available for CVE-2026-3701. Prioritise patching immediately. EPSS: 0.1%.

Magic B1 Firmware CVE-2026-3701

HIGH

Buffer Overflow (CWE-119)

2026-03-08 cna@vuldb.com

Buffer Overflow Magic B1 Firmware

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Mar 10, 2026 - 18:55 vuln.today

Public exploit code

CVE Published

Mar 08, 2026 - 05:16 nvd

HIGH 8.8

DescriptionNVD

A security vulnerability has been detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function Edit_BasicSSID_5G of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Remote code execution in H3C Magic B1 firmware through a buffer overflow in the SSID configuration function allows unauthenticated attackers to gain complete system compromise over the network. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification. …

RemediationAI

Within 24 hours: Identify and inventory all H3C Magic B1 devices running firmware version 100R004 or earlier and isolate them from production networks if possible. Within 7 days: Implement network segmentation to restrict administrative access to these devices and deploy WAF/IDS rules to block exploitation attempts targeting /goform/aspForm endpoints. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-3701 vulnerability details – vuln.today

Back

Magic B1 Firmware CVE-2026-3701

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code