H3C Magic B0 EUVD-2026-31549

CVE-2026-9393 · HIGH
Classic Buffer Overflow (CWE-120)
2026-05-24 · VulDB · GHSA-mx2p-2hcq-xr76
7.4 (CVSS 4.0 · NVD)

Severity by source

NVD (primary): 7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Generated: Jun 08, 2026 - 08:54 (vuln.today)
CVSS changed: May 26, 2026 - 19:37 (NVD), 8.8 (HIGH) → 7.4 (HIGH)

Description (CVE.org)

A vulnerability was found in H3C Magic B0 up to 100R002. This affects the function Edit_BasicSSID_5G of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis (AI)

Buffer overflow in the H3C Magic B0 router (firmware up to 100R002) allows authenticated remote attackers to corrupt memory via the param argument handled by the Edit_BasicSSID_5G function in /goform/aspForm, leading to high impact on confidentiality, integrity, and availability. Publicly available exploit code exists per VulDB, though EPSS remains very low (0.04%, 13th percentile) and the issue is not listed in CISA KEV, so no active exploitation had been identified at time of analysis. …

Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Identify exposed H3C Magic B0 web UI
  • Delivery: Obtain low-privileged web credentials
  • Exploit: Send crafted POST to /goform/aspForm Edit_BasicSSID_5G
  • Execution: Overflow param buffer to hijack control flow
  • Persist: Execute code as router web service
  • Impact: Pivot to LAN and persist on gateway

Vulnerability Assessment (AI)

Exploitation: Attacker must reach the router's HTTP management interface (/goform/aspForm) over the network and must already hold low-privileged authenticated access to the web UI (CVSS PR:L) - typically a valid web admin or guest-admin account, which on SOHO devices is often protected only by default or weak credentials. …

Risk Assessment: The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H) describes a low-complexity network-reachable attack requiring low privileges and no user interaction, with high impact on the vulnerable component but no impact on subsequent systems (SC:N/SI:N/SA:N) - yielding a base score of 7.4. …

Exploit Scenario: An attacker who has obtained low-privileged web UI credentials on an H3C Magic B0 router - for example via default or reused credentials on a LAN-reachable or WAN-exposed admin portal - sends a crafted POST to /goform/aspForm targeting Edit_BasicSSID_5G with an oversized param value. Publicly available exploit code (referenced at https://github.com/alc9700jmo/CVE/issues/25) demonstrates the buffer overflow, which can crash the router or, with reliable offsets for the specific firmware build, execute attacker-controlled code as the web service user, giving full control of the gateway and the LAN behind it.

Remediation: No vendor-released patch identified at time of analysis - H3C did not respond to coordinated disclosure, so defenders should treat affected Magic B0 devices (firmware up to 100R002) as unpatched and apply compensating controls. …

Recommended Action (AI)

Within 24 hours: Identify and inventory all H3C Magic B0 routers; document firmware versions (up to 100R002); isolate affected devices using network segmentation. …
