CVE-2022-28940

In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be accessed without authorization. It sends a large amount of data through ajaxmsg to carry out DOS attack.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:h3c:magic_r100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:h3c:magic_r100:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:58

Type Values Removed Values Added
References () https://github.com/zhefox/0day/blob/main/%E6%96%B0%E5%8D%8E%E4%B8%89magicR100%E5%AD%98%E5%9C%A8DOS%E6%94%BB%E5%87%BB%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90.md - Exploit, Third Party Advisory () https://github.com/zhefox/0day/blob/main/%E6%96%B0%E5%8D%8E%E4%B8%89magicR100%E5%AD%98%E5%9C%A8DOS%E6%94%BB%E5%87%BB%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90.md - Exploit, Third Party Advisory

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-863 NVD-CWE-noinfo

Information

Published : 2022-05-04 16:15

Updated : 2024-11-21 06:58


NVD link : CVE-2022-28940

Mitre link : CVE-2022-28940

CVE.ORG link : CVE-2022-28940


JSON object : View

Products Affected

h3c

  • magic_r100
  • magic_r100_firmware