Magic B1
Remote code execution in H3C Magic B1 router firmware versions up to 100R004 allows authenticated attackers to trigger a buffer overflow in the SetMobileAPInfoById function via crafted HTTP requests to /goform/aspForm. CVSS:4.0 rated 7.4 (High) with confirmed publicly available exploit code on GitHub. No vendor response or patch available. EPSS data not provided, but public exploit availability significantly elevates exploitation risk. The CWE-120 buffer overflow enables full device compromise (VC:H/VI:H/VA:H) with low attack complexity (AC:L) requiring only low-privileged authentication (PR:L).
Buffer overflow in H3C Magic B1 router firmware (versions through 100R004) allows authenticated remote attackers to achieve complete system compromise via crafted parameters to the SetAPWifiorLedInfoById function in /goform/aspForm. Public exploit code exists on GitHub. CVSS 7.4 (High) with network attack vector, low complexity, and confirmed proof-of-concept (CVSS:4.0 E:P). Vendor unresponsive to disclosure. EPSS and KEV status not provided in available data.