CVE-2025-60262

Critical CVSS: 9.8

An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsftpd. Through this vulnerability, all files uploaded anonymously via the FTP protocol is automatically owned by the root user and remote attackers could gain root-level control over the devices.

Vendor

H3c

Product

Mc102-g Firmware

CWE

CWE-276

Yayın Tarihi

2026-01-06 16:15:51

Güncelleme

2026-01-29 01:36:21

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-276 Mc102-g Firmware CRITICAL H3c 2026

Referanslar

https://www.notion.so/23e54a1113e780d686fbe1624ee0465d https://www.notion.so/Misconfiguration-in-H3C-23e54a1113e780d686fbe1624ee0465d

Benzer Kayıtlar

High

CVE-2026-3701

A security vulnerability has been detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function…

High

CVE-2025-14015

A weakness has been identified in H3C Magic B0 up to 100R002. This impacts the function EditWlanMacList of the file /gof…

High

CVE-2025-57295

H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to insecure default credenti…

High

CVE-2025-44653

In H3C GR2200 MiniGR1A0V100R016, the USERLIMIT_GLOBAL option is set to 0 in the /etc/bftpd.conf. This can cause DoS atta…

Medium

CVE-2025-5162

A vulnerability, which was classified as critical, has been found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected…

Medium

CVE-2025-5161

A vulnerability classified as problematic was found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected by this vulne…