Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Unauthenticated network-reachable password reset yields full admin control, warranting C:H/I:H/A:H despite provided score's low-impact metrics.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function change_passwd of the file /api/login/modify of the component Administrator Password Modification Endpoint. The manipulation of the argument newPass results in weak password recovery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure.
AnalysisAI
Unauthenticated remote password modification on H3C NX15 V100R017 routers allows any network-reachable attacker to overwrite the administrator password via the change_passwd function at the /api/login/modify endpoint, effectively seizing full administrative control of the device. The vulnerability stems from a missing authentication or authorization check on the password modification API (CWE-640), meaning no credentials or session token are required to invoke it. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | No special conditions are required for exploitation beyond network-level reachability of the HTTP/HTTPS management port on the H3C NX15. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector provided (AV:N/AC:L/AT:N/PR:N/UI:N) correctly captures the attack surface - unauthenticated, network-reachable, no complexity - but the impact metrics (VC:L/VI:L/VA:L) materially understate the practical impact of an unauthenticated admin password reset, which effectively constitutes full device takeover. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker performing an internet-wide scan discovers an H3C NX15 router with its web management port exposed; they send a crafted unauthenticated HTTP POST request to /api/login/modify with a chosen newPass value, immediately resetting the administrator password without any credential validation. The attacker then logs into the admin console with the newly set password, gaining full control over the device's network configuration, DNS settings, and firewall rules. … |
| Remediation | No vendor-released patch has been identified at time of analysis - affected organizations should monitor the H3C security advisory portal for a firmware update addressing CVE-2026-15479. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43201
GHSA-rg9f-h2v7-xh94