CVE-2026-10259
Stack-Based Buffer Overflow in H3C Magic B0
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| h3c | magic_b0 | to 100R002 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability in H3C Magic B0 up to firmware version 100R002, immediate steps include avoiding exposure of the /goform/aspForm endpoint to untrusted networks since the attack can be performed remotely.
Restrict network access to the affected device by implementing firewall rules or network segmentation to limit who can send requests to the vulnerable function SetMobileAPInfoById.
Monitor network traffic for suspicious POST requests targeting the /goform/aspForm endpoint with unusually long param values, which may indicate exploitation attempts.
Since no vendor response or patch is available, consider disabling or restricting the vulnerable functionality if possible until an official fix is released.
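The monitoring step above, as an added example (not code from the advisory or the vendor): a Python check over captured raw HTTP requests that flags POSTs to /goform/aspForm whose decoded param value exceeds a threshold. The 256-character threshold, the helper names and the sample requests are assumptions constructed here; the page does not state the buffer size.

```python
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "/goform/aspForm"  # endpoint named in the advisory
MAX_PARAM_LEN = 256           # assumed alert threshold; tune to your own baseline


def inspect_request(raw: bytes, max_len: int = MAX_PARAM_LEN):
    """Return a finding dict for a suspicious request, or None otherwise."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.decode("latin-1").split("\r\n")[0]
    try:
        method, target, _version = request_line.split(" ", 2)
        url = urlsplit(target)
    except ValueError:
        return None  # not a parseable HTTP request line
    if method.upper() != "POST" or url.path.rstrip("/") != ENDPOINT:
        return None
    # The field may arrive in the query string or the form body; check both.
    fields = parse_qsl(url.query, keep_blank_values=True)
    fields += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    # Measure the percent-decoded value (assumed to be what the handler
    # receives); repeated "param" fields are all considered.
    longest = max((len(v) for k, v in fields if k == "param"), default=0)
    if longest <= max_len:
        return None
    return {"endpoint": url.path, "param_len": longest}


def _request(body: str) -> bytes:
    """Build a constructed sample request (192.0.2.1 is a documentation address)."""
    return (f"POST {ENDPOINT} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")


# Constructed samples, not captured traffic.
BENIGN = _request("param=office-ap-01")
OVERSIZED = _request("param=" + "x" * 1024)
ENCODED_SHORT = _request("param=" + "%41" * 100)  # 300 bytes on the wire, 100 decoded

if __name__ == "__main__":
    for name, req in [("benign", BENIGN), ("oversized", OVERSIZED),
                      ("encoded-short", ENCODED_SHORT)]:
        print(name, inspect_request(req))
```

The same function can be run over requests reassembled from a packet capture or exported from a reverse proxy placed in front of the device's management interface.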
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow found in H3C Magic B0 routers up to firmware version 100R002. It occurs in the function SetMobileAPInfoById within the /goform/aspForm endpoint. By manipulating the 'param' argument without proper length validation, an attacker can overflow the buffer.
The overflow can be triggered remotely by sending a specially crafted HTTP POST request with an excessively long 'param' value, potentially leading to denial of service or remote code execution.
How can this vulnerability impact me?
Exploitation of this vulnerability can allow an attacker to cause a denial of service or execute arbitrary code remotely on the affected device.
This means an attacker could disrupt network services or gain control over the router, potentially compromising the security and availability of your network.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a crafted HTTP POST request to the /goform/aspForm endpoint of the H3C Magic B0 router, specifically targeting the SetMobileAPInfoById function with an excessively long param value to trigger the buffer overflow.
A proof-of-concept (POC) request involves manipulating the param argument in the POST data to a length that causes the overflow, which can be used to test if the system is vulnerable.
While exact commands are not provided, a typical detection approach would be to use tools like curl or a custom script to send such a POST request and observe the system's response or behavior for signs of buffer overflow or crash.