216.73.216.170

CVE-2025-57295

· Published 18/09/2025 21:15 · Modified 19/09/2025 16:00

Labels: CVE-2025-57295 2025-09-18CVE-2025-57295CWE-521[email protected]

Essential information

Published
18/09/2025 21:15
Modified
19/09/2025 16:00
Author
Creator
CVSS
8.0 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to insecure default credentials. The root user account has no password set, and the H3C user account uses the default password "admin," both stored in the /etc/shadow file. Attackers with network access can exploit these credentials to gain unauthorized root-level access to the device via the administrative interface or other network services, potentially leading to privilege escalation, information disclosure, or arbitrary code execution.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
h3c / h3c devices cpe:2.3:a:h3c:h3c_devices:NX15V100R015:*:*:*:*:*:*:*

References