216.73.216.170

CVE-2025-8907

· Published 13/08/2025 13:15 · Modified 13/08/2025 17:33

Labels: CVE-2025-8907 2025-08-13CVE-2025-8907CWE-250[email protected]

Essential information

Published
13/08/2025 13:15
Modified
13/08/2025 17:33
Author
Creator
CVSS
7.3 HIGH (v3) 7.3 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A vulnerability was found in H3C M2 NAS V100R006. Affected by this vulnerability is an unknown functionality of the component Webserver Configuration. The manipulation leads to execution with unnecessary privileges. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor explains: "[T]he device only has configuration files and does not actually have boa functionality. It is impossible to access or upload files anonymously to the device through boa services". This vulnerability only affects products that are no longer supported by the maintainer.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
h3c / m2 nas cpe:2.3:a:h3c:m2_nas:v100r006:*:*:*:*:*:*:*

References