CVE-2024-32238
published 2024-04-22CVE-2024-32238: H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login…
PriorityP189critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
53.23%
98.8th percentile
H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface.
Detection & IOCsextracted from sources · hover to see the quote
- →Fingerprint vulnerable H3C ER8300G2-X devices via FOFA using the body string 'icg_helpScript.js' ↗
- →Exploit requires two sequential HTTP requests: first GET /userLogin.asp to extract the module name via regex '([A-Za-z0-9-]+)系统管理', then GET /userLogin.asp/../actionpolicy_status/../<module_name>.cfg to retrieve the config file containing credentials ↗
- →Successful exploitation is confirmed when the response has HTTP 200, Content-Type 'application/x-unknown', body contains both 'admpwd=' and 'auxauthmode=', and Server header contains 'H3C-Miniware' ↗
- →The module name used in the path traversal .cfg request is extracted from the login page body using the regex pattern '([A-Za-z0-9-]+)系统管理' ↗
- ·The path traversal segment uses a dynamic module name extracted from the login page; the exact .cfg filename varies per device and must be resolved at runtime from the first HTTP response ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-w4fx-77wp-mx4j: H3C ER8300G2-X is vulnerable to Incorrect Access Control
ghsa_unreviewed·2024-04-22
CVE-2024-32238 [CRITICAL] CWE-522 GHSA-w4fx-77wp-mx4j: H3C ER8300G2-X is vulnerable to Incorrect Access Control
H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface.
VulnCheck
Insufficiently Protected Credentials
vulncheck·2024·CVSS 9.8
CVE-2024-32238 [CRITICAL] Insufficiently Protected Credentials
Insufficiently Protected Credentials
H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface.
Affected: H3C H3C ER8300G2-X
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://info.greynoise.io/hubfs/resources/GreyNoise-2025-Mass-Internet-Exploitation-Report.pdf
Exploit PoC: https://vulncheck.com/xdb/90551f44c845
No detection rules found.
Nuclei
H3C ER8300G2-X - Password Disclosure
nuclei·CVSS 9.8
CVE-2024-32238 [CRITICAL] H3C ER8300G2-X - Password Disclosure
H3C ER8300G2-X - Password Disclosure
H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface.
Template:
id: CVE-2024-32238
info:
name: H3C ER8300G2-X - Password Disclosure
author: s4e-io,adeljck
severity: critical
description: |
H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface.
impact: |
Unauthenticated attackers can access the router's administrative password via the management system interface.
remediation: |
Update H3C ER8300G2-X router firmware to a version that addresses the password disclosure vulnerability.
reference:
- https://github.com/wy876/POC/b
No writeups or analysis indexed.
https://github.com/asdfjkl11/CVE-2024-32238/issues/1https://www.h3c.com/cn/Products_And_Solution/InterConnect/Products/Routers/Products/Enterprise/ER/ER8300G2-X/https://github.com/asdfjkl11/CVE-2024-32238/issues/1https://www.h3c.com/cn/Products_And_Solution/InterConnect/Products/Routers/Products/Enterprise/ER/ER8300G2-X/
2024-04-22
Published
Exploited in the wild