H3C ACG1000-AK230 CVE-2026-3943
MEDIUMSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaa_portal_auth_local_submit. The manipulation of the argument suffix results in command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor is investigating and remediating this issue.
AnalysisAI
Command injection in H3C ACG1000-AK230 through the /webui/?aaa_portal_auth_local_submit endpoint allows unauthenticated remote attackers to execute arbitrary commands by manipulating the suffix parameter. Public exploit code exists for this vulnerability, which affects versions up to 20260227 with no patch currently available. The vulnerability carries a CVSS score of 7.3 and provides attackers with partial access to confidentiality, integrity, and availability.
Technical ContextAI
affects A vulnerability was found in H3C ACG1000-AK230. was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaa_portal_auth_local_submit. The manipulation of the argument suffix results in command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor is investigating and remediating this issue.
Affected ProductsAI
Product: A vulnerability was found in H3C ACG1000-AK230. Versions: up to 20260227..
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today