Skip to main content

H3C Magic B0 EUVDEUVD-2026-33638

| CVE-2026-10259 HIGH
Buffer Overflow (CWE-119)
2026-06-01 cna@vuldb.com GHSA-ffmq-hhhq-fw84
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 01, 2026 - 15:32 vuln.today

DescriptionCVE.org

A security vulnerability has been detected in H3C Magic B0 up to 100R002. The affected element is the function SetMobileAPInfoById of the file /goform/aspForm. Such manipulation of the argument param leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack-based buffer overflow in H3C Magic B0 routers (versions up to 100R002) allows remote authenticated attackers to corrupt memory via the SetMobileAPInfoById function in /goform/aspForm by manipulating the param argument. Publicly available exploit code exists (disclosed on GitHub and VulDB), and the vendor did not respond to disclosure outreach, leaving devices without an official fix. CVSS 4.0 score of 7.4 reflects high impact to confidentiality, integrity, and availability with low attack complexity.

Technical ContextAI

H3C Magic B0 is a consumer/SOHO wireless router from H3C Technologies. The vulnerability resides in the web management interface, specifically the SetMobileAPInfoById handler reachable via the /goform/aspForm endpoint - a common ASP-style form handler pattern used in embedded router firmware. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), manifesting as a stack-based buffer overflow when the 'param' argument is processed without adequate length validation, likely via an unsafe string copy operation (e.g., strcpy/sprintf) into a fixed-size stack buffer. Successful exploitation can corrupt the call stack and potentially redirect execution to attacker-controlled code on the MIPS/ARM SoC typical of such devices. No CPE strings were provided in the intelligence data to enumerate exact hardware revisions.

RemediationAI

No vendor-released patch identified at time of analysis - H3C did not respond to the disclosure. As compensating controls, restrict access to the router's web management interface to trusted LAN segments only by disabling any WAN-side/remote administration feature (trade-off: loss of remote management convenience), enforce strong unique admin credentials and rotate any defaults to raise the PR:L bar, and place the device behind a network segment with ACLs blocking inbound HTTP/HTTPS to the router from untrusted hosts. Monitor outbound connections from the router for indicators of compromise, and consider replacing the device with a supported model if H3C continues to be unresponsive; details and PoC references are tracked at https://vuldb.com/cve/CVE-2026-10259 and https://github.com/666324/H3C-Magic-B0-vuln.

Share

EUVD-2026-33638 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy