CVE-2024-38903 — MEDIUM (4.1)

Vulnerability Description

H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands.

CVSS Score

4.1

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
H3C	Magic R230 Firmware	100r002
H3C	Magic R230	-

Related Weaknesses (CWE)

CWE-77

References

https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/H3C/Magic%20R230/UDPseExploitThird Party Advisory
https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/H3C/Magic%20R230/UDPseExploitThird Party Advisory

FAQ

What is CVE-2024-38903?

CVE-2024-38903 is a vulnerability with a CVSS score of 4.1 (MEDIUM). H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands.

How severe is CVE-2024-38903?

CVE-2024-38903 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-38903?

Check the references section above for vendor advisories and patch information. Affected products include: H3C Magic R230 Firmware, H3C Magic R230.