H3C Magic B1 Routers Exposed: Critical Buffer Overflow Publicly Exploitable

/HIGH /CVSS 8.8/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitybuffer-overflowcwe-119cwe-120
H3C Magic B1 Routers Exposed: Critical Buffer Overflow Publicly Exploitable

The National Vulnerability Database has disclosed CVE-2026-6581, a critical buffer overflow vulnerability in H3C Magic B1 routers, specifically affecting versions up to 100R004. This flaw resides within the SetMobileAPInfoById function of the /goform/aspForm file, where manipulating the param argument can trigger the overflow.

Rated with a CVSS score of 8.8 (HIGH), this vulnerability is remotely exploitable. The National Vulnerability Database confirms that a public exploit is now available, significantly escalating the risk for affected organizations. This means attackers don’t need to be on the local network to weaponize this flaw.

Despite early disclosure attempts, the vendor, H3C, has not responded. This lack of communication leaves defenders in a precarious position, with no official patch or workaround. The vulnerability’s public exploit availability demands immediate attention from any organization utilizing these specific H3C router models.

What This Means For You

  • If your organization deploys H3C Magic B1 routers (versions up to 100R004), you are directly exposed to a high-severity, remotely exploitable buffer overflow. With a public exploit available and no vendor response, these devices are prime targets. Isolate or replace these devices immediately. Audit network logs for any suspicious activity originating from or targeting these routers.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1200 Hardware Additions Persistence

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

H3C Magic B1 SetMobileAPInfoById Buffer Overflow Attempt - CVE-2026-6581

Sigma YAML — free preview
✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Export via Bot →

Indicators of Compromise

IDTypeIndicator
CVE-2026-6581 Buffer Overflow H3C Magic B1 up to 100R004
CVE-2026-6581 Buffer Overflow Vulnerable function: SetMobileAPInfoById in /goform/aspForm
CVE-2026-6581 Buffer Overflow Vulnerable parameter: param

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 20, 2026 at 02:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related Posts

CVE-2026-6591 — ComfyUI Path Traversal

CVE-2026-6591 — A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_paths.get_annotated_filepath of the file folder_paths.py of the component LoadImage...

vulnerabilityCVEmedium-severitypath-traversalcwe-22
/SCW Vulnerability Desk /MEDIUM /4.3 /⚑ 2 IOCs /⚙ 3 Sigma

CVE-2026-6590 — ComfyUI Path Traversal

CVE-2026-6590 — A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function get_model_preview of the file app/model_manager.py of the component Model Preview...

vulnerabilityCVEmedium-severitypath-traversalcwe-22
/SCW Vulnerability Desk /MEDIUM /4.3 /⚑ 2 IOCs /⚙ 3 Sigma

CVE-2026-6589 — ComfyUI Vulnerability

CVE-2026-6589 — A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function create_origin_only_middleware of the file server.py. The manipulation leads...

vulnerabilityCVEmedium-severitycwe-352cwe-862
/SCW Vulnerability Desk /MEDIUM /4.3 /⚑ 3 IOCs /⚙ 2 Sigma