Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A security vulnerability has been detected in H3C Magic B3 up to 100R002. This affects the function UpdateWanParams of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Remote buffer overflow in H3C Magic B3 routers (firmware up to 100R002) allows attackers with high privileges to corrupt memory via the UpdateWanParams function in /goform/aspForm by manipulating the param argument. Publicly available exploit code exists per VulDB disclosure, though the vendor did not respond to coordinated disclosure attempts. With CVSS 4.0 score of 7.3 and PR:H requirement, exploitation hinges on prior administrative access to the device's web interface.
Technical ContextAI
The vulnerability resides in the embedded web management interface of the H3C Magic B3 consumer/SMB router, specifically the ASP-style form handler at /goform/aspForm which routes to the UpdateWanParams function responsible for processing WAN configuration parameters. CWE-120 (Classic Buffer Overflow / Buffer Copy without Checking Size of Input) indicates the param argument is copied into a fixed-size stack or heap buffer without bounds validation, a recurring pattern in embedded router goform handlers written in C. The CPE cpe:2.3:a:h3c:magic_b3 confirms the H3C Magic B3 product line as the sole affected target, with no firmware version cutoff beyond '100R002' provided.
RemediationAI
No vendor-released patch identified at time of analysis - H3C did not respond to disclosure attempts per the VulDB report at https://vuldb.com/vuln/364389. As compensating controls, restrict administrative access to the router's web interface (/goform/aspForm) to trusted management VLANs or specific source IPs via firewall rules, which prevents remote exploitation but complicates legitimate remote administration. Disable WAN-side management entirely if enabled, accepting the loss of remote configuration capability. Rotate administrator credentials and disable default accounts to raise the bar against the PR:H prerequisite, and consider replacing the device with a supported model if it is deployed in security-sensitive environments, since unpatched embedded devices accumulate exposure over time.
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30711
GHSA-fgq5-p2r5-jrm5