Which versions of H3C Magic B3 are affected by EUVD-2026-30711?

H3C Magic B3 routers through firmware version 100R002 contain a remote buffer overflow vulnerability in the UpdateWanParams function requiring authenticated administrative access.

Is there a public PoC exploit available for EUVD-2026-30711?

Yes, a public proof-of-concept exploit is available for EUVD-2026-30711. Prioritise patching immediately. EPSS: 0.0%.

H3C Magic B3 EUVD-2026-30711

Q: What is the CVSS score of EUVD-2026-30711?

EUVD-2026-30711 has a CVSS 4.0 base score of 7.3 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-8764 HIGH

Classic Buffer Overflow (CWE-120)

2026-05-17 VulDB

GHSA-fgq5-p2r5-jrm5

Buffer Overflow

7.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

May 17, 2026 - 22:27 vuln.today

v2 (cvss_changed)

Re-analysis Queued

May 17, 2026 - 22:22 vuln.today

cvss_changed

CVSS changed

May 17, 2026 - 22:22 NVD

7.2 (HIGH) 7.3 (HIGH)

Analysis Generated

May 17, 2026 - 22:15 vuln.today

DescriptionNVD

A security vulnerability has been detected in H3C Magic B3 up to 100R002. This affects the function UpdateWanParams of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Remote buffer overflow in H3C Magic B3 routers (firmware up to 100R002) allows attackers with high privileges to corrupt memory via the UpdateWanParams function in /goform/aspForm by manipulating the param argument. Publicly available exploit code exists per VulDB disclosure, though the vendor did not respond to coordinated disclosure attempts. …

RemediationAI

Within 24 hours: Inventory all H3C Magic B3 router deployments and document current firmware versions; disable remote/web-based administrative access and restrict management interfaces to local console or trusted internal networks only via firewall rules. Within 7 days: Isolate router management traffic on dedicated administrative VLAN separate from production networks; enable comprehensive audit logging of all administrative activities; brief incident response team on vulnerability and compensating controls. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-30711 vulnerability details – vuln.today

Back

H3C Magic B3 EUVD-2026-30711

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

H3C Magic B3 EUVD-2026-30711

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code