CVE-2026-3943 | H3C ACG1000-AK230 up to 20260227 ?aaa_portal_auth_local_submit suffix command injection

Inserito da Angelo Barbosa | Mar 11, 2026 | CVE

A vulnerability, which was classified as critical, was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaa_portal_auth_local_submit. The manipulation of the argument suffix results in command injection.

This vulnerability is reported as CVE-2026-3943. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3943 | H3C ACG1000-AK230 up to 20260227 ?aaa_portal_auth_local_submit suffix command injection

Post correlati

CVE-2024-29221 | Mattermost Server up to 8.1.10/9.3.2/9.4.3/9.5.1/9.6.0 Add Member /api/v4/users/me/teams access control

CVE-2025-15231 | Tenda M3 1.0.0.13(4903) /goform/setVlanInfo formSetRemoteVlanInfo ID/vlan/port stack-based overflow

CVE-2025-9107 | Portabilis i-Diario up to 1.5.0 search_autocomplete q cross site scripting

CVE-2024-3021 | Mhr Post Ticker Plugin up to 1.1 on WordPress cross site scripting