CVE-2025-3540 | H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 up to V100R014 HTTP POST Request getCapability FCGI_WizardProtoProcess command injection

SecurityVulns

A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. It affects the function FCGI_WizardProtoProcess of the file /api/wizard/getCapability in the HTTP POST request handler component. The manipulation leads to command injection.

This vulnerability is known as CVE-2025-3540. The attack can only be initiated within the local network. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.