Which versions of Magic B1 are affected by CVE-2026-6581?

CVE-2026-6581 is a high-severity remote code execution vulnerability affecting H3C Magic B1 routers (firmware up to 100R004) that allows authenticated users to completely compromise the device…

Is there a public PoC exploit available for CVE-2026-6581?

Yes, a public proof-of-concept exploit is available for CVE-2026-6581. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-6581?

Within 24 hours: Identify all H3C Magic B1 routers running firmware 100R004 or earlier in your environment and disable remote management access; segment affected devices from critical network zones. Within 7 days: Contact H3C for patch availability and timeline; implement network access controls restricting HTTP access to /goform/aspForm endpoints. Within 30 days: Replace or upgrade all affected H3C Magic B1 routers to patched firmware versions when available from vendor, or migrate to alternative equipment from vendors with confirmed patch availability.

Magic B1 CVE-2026-6581

Q: What is the CVSS score of CVE-2026-6581?

CVE-2026-6581 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-23716 HIGH

Classic Buffer Overflow (CWE-120)

2026-04-19 VulDB

GHSA-wg8p-6252-5cpj

Buffer Overflow Magic B1

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Apr 22, 2026 - 20:22 vuln.today

Public exploit code

Analysis Updated

Apr 19, 2026 - 23:27 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 19, 2026 - 23:22 vuln.today

cvss_changed

CVSS changed

Apr 19, 2026 - 23:22 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

Apr 19, 2026 - 22:50 vuln.today

EUVD ID Assigned

Apr 19, 2026 - 22:45 euvd

EUVD-2026-23716

Analysis Generated

Apr 19, 2026 - 22:45 vuln.today

CVE Published

Apr 19, 2026 - 22:30 nvd

HIGH 7.4

DescriptionCVE.org

A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Remote code execution in H3C Magic B1 router firmware versions up to 100R004 allows authenticated attackers to trigger a buffer overflow in the SetMobileAPInfoById function via crafted HTTP requests to /goform/aspForm. CVSS:4.0 rated 7.4 (High) with confirmed publicly available exploit code on GitHub. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Reconnaissance via internet scanning

Delivery

Authenticate with compromised/default credentials

Exploit

Send crafted POST to /goform/aspForm

Install

Trigger buffer overflow in SetMobileAPInfoById

Execute arbitrary code as root

Execute

Install persistent backdoor

Impact

Intercept network traffic or pivot to LAN