CVE-2024-32238

H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the routers management system can be accessed via the management system page login interface.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Potential Mitigations

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/102.html
• https://cwe.mitre.org/data/definitions/474.html
• https://cwe.mitre.org/data/definitions/50.html
• https://cwe.mitre.org/data/definitions/509.html
• https://cwe.mitre.org/data/definitions/551.html
• https://cwe.mitre.org/data/definitions/555.html
• https://cwe.mitre.org/data/definitions/560.html
• https://cwe.mitre.org/data/definitions/561.html
• https://cwe.mitre.org/data/definitions/600.html
• https://cwe.mitre.org/data/definitions/644.html
• https://cwe.mitre.org/data/definitions/645.html
• https://cwe.mitre.org/data/definitions/652.html
• https://cwe.mitre.org/data/definitions/653.html

References

• https://github.com/asdfjkl11/CVE-2024-32238/issues/1
• https://www.h3c.com/cn/Products_And_Solution/InterConnect/Products/Routers/Products/Enterprise/ER/ER8300G2-X/