Secpath F1000 C8300
Monthly
SQL injection in H3C SecPath F1000-C8300 (firmware up to 20260522) allows unauthenticated remote attackers to manipulate database queries via the `subject` parameter in the `/webui/?g=log_fw_nbc_mail_jsondata` web management endpoint. The vendor has confirmed the vulnerability and acknowledged a planned fix, but no patch is released as of the disclosure date. A publicly available exploit exists (hosted on Feishu), lowering the bar for exploitation significantly despite the moderate CVSS 4.0 score of 5.5.
SQL injection in H3C SecPath F1000-C8300 (firmware up to 20260522) allows unauthenticated remote attackers to manipulate database queries via the `subject` parameter in the `/webui/?g=log_fw_nbc_mail_jsondata` web management endpoint. The vendor has confirmed the vulnerability and acknowledged a planned fix, but no patch is released as of the disclosure date. A publicly available exploit exists (hosted on Feishu), lowering the bar for exploitation significantly despite the moderate CVSS 4.0 score of 5.5.