CVE-2025-3542

Public Exploit

H3C Magic NX15/Magic NX400/Magic R3010 HTTP POST Request getsyncpppoecfg FCGI_WizardProtoProcess command injection

Description

A vulnerability, which was classified as critical, was found in H3C Magic NX15, Magic NX400 and Magic R3010 up to V100R014. This affects the function FCGI_WizardProtoProcess of the file /api/wizard/getsyncpppoecfg of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

References

Link	Tags
https://vuldb.com/?id.304581	vdb entry technical description
https://vuldb.com/?ctiid.304581	signature permissions required
https://vuldb.com/?submit.524738	third party advisory
https://gist.github.com/mono7s/dd7a0a1ec444bb2c228590d298e37a5d	exploit
https://zhiliao.h3c.com/theme/details/229784	related
https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/	patch

Frequently Asked Questions

What is the severity of CVE-2025-3542?: CVE-2025-3542 has been scored as a high severity vulnerability.
How to fix CVE-2025-3542?: To fix CVE-2025-3542, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-3542 being actively exploited in the wild?: It is possible that CVE-2025-3542 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~3% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-3542?: CVE-2025-3542 affects H3C Magic NX15, H3C Magic NX400, H3C Magic R3010.

Description

Category

CWE-74 – Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

References

Frequently Asked Questions