Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
H3C ACG1000-AK230: Remote code execution from website input
CVE-2026-3943
Summary
A security flaw in the H3C ACG1000-AK230 device allows an attacker to potentially execute malicious code on the device by manipulating input on the web interface. This could happen if a user enters specially crafted data into a form on the device's website. Users should stay informed about updates and patches from the vendor to ensure their device is secure.
Original title
A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaa_portal_auth_local_submit. The manipulation of the argument suffix results in comm...
Original description
A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaa_portal_auth_local_submit. The manipulation of the argument suffix results in command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor is investigating and remediating this issue.
nvd CVSS2.0
7.5
nvd CVSS3.1
7.3
nvd CVSS4.0
6.9
Vulnerability type
CWE-74
Injection
CWE-77
Command Injection
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026