Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Magic NX15 — Vulnerabilities & Security Advisories 14

All 14 CVE vulnerabilities found in Magic NX15, with AI-generated Chinese analysis, references, and POCs.

This page documents known security vulnerabilities and weaknesses associated with the Magic NX15 network appliance, categorized by common weakness enumeration tags. It aggregates data from various security advisories, bug trackers, and vendor disclosures to provide a comprehensive view of the product's security posture over time. The collection covers historical reports and newly identified flaws affecting different versions of the Magic NX15 firmware and hardware configurations, ensuring a broad temporal scope for analysis. Readers can utilize this resource to track specific vendor advisories as they are released, gaining insight into the remediation steps and patch availability for each disclosed issue. Additionally, the page allows users to understand the nature of specific weakness classes impacting this device, facilitating deeper technical analysis of root causes and potential exploitation vectors. By examining the vulnerability history, security professionals can assess the cumulative risk profile of the Magic NX15, identify patterns in defect introduction, and evaluate the effectiveness of security updates over the product's lifecycle. This centralized aggregation serves as a reference point for auditing, penetration testing, and risk management decisions, helping stakeholders make informed choices regarding deployment, maintenance, and upgrade strategies without relying on fragmented information sources.

Vendor: H3C

CVE IDTitleCVSSSeverityPublished
CVE-2025-3546 H3C Magic BE18000 HTTP POST Request getLanguage FCGI_CheckStringIfContainsSemicolon command injection CWE-77 8.0 High2025-04-14
CVE-2025-3545 H3C Magic BE18000 HTTP POST Request setLanguage FCGI_CheckStringIfContainsSemicolon command injection CWE-77 8.0 High2025-04-14
CVE-2025-3544 H3C Magic BE18000 HTTP POST Request getCapabilityWeb FCGI_CheckStringIfContainsSemicolon command injection CWE-77 8.0 High2025-04-14
CVE-2025-3543 H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request setsyncpppoecfg FCGI_WizardProtoProcess command injection CWE-77 8.0 High2025-04-14
CVE-2025-3542 H3C Magic NX15/Magic NX400/Magic R3010 HTTP POST Request getsyncpppoecfg FCGI_WizardProtoProcess command injection CWE-77 8.0 High2025-04-13
CVE-2025-3541 H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getSpecs FCGI_WizardProtoProcess command injection CWE-77 8.0 High2025-04-13
CVE-2025-3540 H3C Magic NX15/Magic NX30 Pro/Magic NX400/Magic R3010 HTTP POST Request getCapability FCGI_WizardProtoProcess command injection CWE-77 8.0 High2025-04-13
CVE-2025-3539 H3C Magic BE18000 HTTP POST Request getBasicInfo FCGI_CheckStringIfContainsSemicolon command injection CWE-77 8.0 High2025-04-13
CVE-2025-2732 H3C Magic BE18000 HTTP POST Request getWifiNeighbour command injection CWE-77 8.0 High2025-03-25
CVE-2025-2731 H3C Magic BE18000 HTTP POST Request getDualbandSync command injection CWE-77 8.0 High2025-03-25
CVE-2025-2730 H3C Magic BE18000 HTTP POST Request getssidname command injection CWE-77 8.0 High2025-03-25
CVE-2025-2729 H3C Magic BE18000 HTTP POST Request networkSetup command injection CWE-77 8.0 High2025-03-25
CVE-2025-2726 H3C Magic BE18000 HTTP POST Request esps command injection CWE-77 8.0 High2025-03-25
CVE-2025-2725 H3C Magic BE18000 HTTP POST Request auth command injection CWE-77 8.0 High2025-03-25

All 14 known CVE vulnerabilities affecting Magic NX15 with full Chinese analysis, references, and POCs where available.