CVE-2025-2728

HIGH Year: 2025
CVSS v3 Score
8.0
High
CVSS v2 Score
7.7
High
Weakness Type
CWE-74
View all →

Vulnerability Description

A vulnerability has been found in H3C Magic NX30 Pro and Magic NX400 up to V100R014 and classified as critical. This vulnerability affects unknown code of the file /api/wizard/getNetworkConf. The manipulation leads to command injection. The attack needs to be approached within the local network. It is recommended to upgrade the affected component.

Related Vulnerabilities

CVE-2020-23050

HIGH
CVSS:8.0(High)

TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attac...

CWE-742020

CVE-2021-0594

HIGH
CVSS:8.0(High)

In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote (proximal, NFC) escalation of privilege allowing an...

CWE-742021

CVE-2021-28829

HIGH
CVSS:8.0(High)

The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for ...

CWE-742021

CVE-2021-41390

HIGH
CVSS:8.0(High)

In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection.

CWE-742021

CVE-2023-48709

HIGH
CVSS:8.0(High)

iTop is an IT service management platform. When exporting data from backoffice or portal in CSV or Excel files, users' inputs may include malicious formulas that may be imported into Excel. As Excel 2...

CWE-742023

CVE-2024-10841

MEDIUM
CVSS:8.0(High)

A vulnerability classified as critical was found in romadebrian WEB-Sekolah 1.0. Affected by this vulnerability is an unknown functionality of the file /Proses_Kirim.php of the component Mail Handler....

CWE-742024