CVE-2025-3542 | H3C Magic NX15/Magic NX400/Magic R3010 up to V100R014 HTTP POST Request getsyncpppoecfg FCGI_WizardProtoProcess command injection

A vulnerability, which was classified as critical, was found in H3C Magic NX15, Magic NX400 and Magic R3010 up to V100R014. This affects the function FCGI_WizardProtoProcess of the file /api/wizard/getsyncpppoecfg of the component HTTP POST Request Handler. The manipulation leads to command injection.

This vulnerability is uniquely identified as CVE-2025-3542. The attack needs to be initiated within the local network. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More