Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
H3C Magic B1: Remote Code Execution Through Buffer Overflow
CVE-2026-6563
Summary
A security flaw in H3C Magic B1 allows an attacker to execute malicious code on the device by manipulating a specific argument. This could give the attacker control over the device. The vendor has not yet released a fix, but you can protect your device by applying a patch or update as soon as one is available.
Original title
A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads t...
Original description
A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-120
Classic Buffer Overflow
Published: 19 Apr 2026 · Updated: 19 Apr 2026 · First seen: 19 Apr 2026