CVE-2026-6581 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: April 19, 2026
H3C Magic B1 - Buffer Overflow
Overview
H3C Magic B1 <= 100R004 contains a buffer overflow caused by manipulation of the "param" argument in SetMobileAPInfoById function in /goform/aspForm, letting remote attackers cause memory corruption, exploit requires crafted request.
Severity & Score
Impact
Remote attackers can cause memory corruption, potentially leading to remote code execution or system crash.
Mitigation
Update to the latest version or patch provided by the vendor.
References
Social Media Activity(2 posts)
🚩 H3C Magic B1 devices ≤100R004 hit by HIGH severity buffer overflow (CVE-2026-6581). Public exploit code out, no vendor patch yet. Restrict management interface access & monitor /goform/aspForm activity. Details: https://radar.offseq.com/threat/cve-2026-6581-buffer-overflow-in-h3c-magic-b1-6a61fe35 #OffSeq #Vuln #InfoSec
View original post
🚩 H3C Magic B1 devices ≤100R004 hit by HIGH severity buffer overflow (CVE-2026-6581). Public exploit code out, no vendor patch yet. Restrict management interface access & monitor /goform/aspForm activity. Details: https://radar.offseq.com/threat/cve-2026-6581-buffer-overflow-in-h3c-magic-b1-6a61fe35 #OffSeq #Vuln #InfoSec
View original postRelated Resources
Details
- CVE ID
- CVE-2026-6581
- Severity
- High
- CVSS Score
- 8.8
- Type
- buffer_overflow
- Status
- new
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-119
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H