Skip to main content

H3C NX15 EUVDEUVD-2026-43201

| CVE-2026-15479 MEDIUM
Weak Password Recovery Mechanism for Forgotten Password (CWE-640)
2026-07-12 VulDB GHSA-rg9f-h2v7-xh94
5.5
CVSS 4.0 · Vendor: VulDB
Share

Severity by source

Vendor (VulDB) PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
9.8 CRITICAL

Unauthenticated network-reachable password reset yields full admin control, warranting C:H/I:H/A:H despite provided score's low-impact metrics.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 12, 2026 - 06:24 vuln.today
CVSS changed
Jul 12, 2026 - 06:22 NVD
6.9 (MEDIUM) 5.5 (MEDIUM)

DescriptionCVE.org

A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function change_passwd of the file /api/login/modify of the component Administrator Password Modification Endpoint. The manipulation of the argument newPass results in weak password recovery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure.

AnalysisAI

Unauthenticated remote password modification on H3C NX15 V100R017 routers allows any network-reachable attacker to overwrite the administrator password via the change_passwd function at the /api/login/modify endpoint, effectively seizing full administrative control of the device. The vulnerability stems from a missing authentication or authorization check on the password modification API (CWE-640), meaning no credentials or session token are required to invoke it. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Discover exposed NX15 management port
Delivery
Send unauthenticated POST to /api/login/modify
Exploit
Supply arbitrary newPass value
Execution
Administrator password overwritten silently
Persist
Log in as admin with new credentials
Impact
Full device takeover achieved

Vulnerability AssessmentAI

Exploitation No special conditions are required for exploitation beyond network-level reachability of the HTTP/HTTPS management port on the H3C NX15. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector provided (AV:N/AC:L/AT:N/PR:N/UI:N) correctly captures the attack surface - unauthenticated, network-reachable, no complexity - but the impact metrics (VC:L/VI:L/VA:L) materially understate the practical impact of an unauthenticated admin password reset, which effectively constitutes full device takeover. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker performing an internet-wide scan discovers an H3C NX15 router with its web management port exposed; they send a crafted unauthenticated HTTP POST request to /api/login/modify with a chosen newPass value, immediately resetting the administrator password without any credential validation. The attacker then logs into the admin console with the newly set password, gaining full control over the device's network configuration, DNS settings, and firewall rules. …
Remediation No vendor-released patch has been identified at time of analysis - affected organizations should monitor the H3C security advisory portal for a firmware update addressing CVE-2026-15479. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-43201 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy