
Remote Buffer Overflows Disclosed in H3C Magic B1 `/goform/aspForm` Functions

Tags: embedded-device-vulnerability, internet-facing-service-vulnerability

Updated April 20, 2026 at 02:04 AM. 2 sources.


Two high-severity vulnerabilities, `CVE-2026-6563` and `CVE-2026-6581`, were disclosed in H3C Magic B1 devices running versions up to 100R004, exposing the products to remotely exploitable buffer overflows. Both flaws reside in the `/goform/aspForm` component and are triggered by crafted manipulation of the `param` argument, with `CVE-2026-6563` affecting the `SetAPWifiorLedInfoById` function and `CVE-2026-6581` affecting `SetMobileAPInfoById`.
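A log-triage sketch for the two handlers named above, added here as an example and not taken from the CVE records or the vendor. It assumes a proxy or WAF in front of the device that logs form-encoded request bodies; the record layout, the `handler` field name, the 256-byte baseline and the management subnet are all assumptions, and the sample records are constructed.

```python
import ipaddress
from urllib.parse import parse_qs

ENDPOINT = "/goform/aspForm"
# Handler names and CVE ids as given in the two CVE records.
AFFECTED = {"SetAPWifiorLedInfoById": "CVE-2026-6563",
            "SetMobileAPInfoById": "CVE-2026-6581"}
MAX_PARAM_LEN = 256                                   # assumed baseline, tune per site
MGMT_NET = ipaddress.ip_network("192.168.1.0/24")     # assumed admin subnet

# Constructed records: time, source IP, method, path, form body (tab-separated).
# The "handler" field name is hypothetical; matching is done on field values.
SAMPLE_LOG = """\
2026-04-20T01:10:02Z\t192.168.1.20\tPOST\t/goform/aspForm\thandler=SetMobileAPInfoById&param=1,guest,on
2026-04-20T01:12:45Z\t203.0.113.50\tPOST\t/goform/aspForm\thandler=SetMobileAPInfoById&param={big}
2026-04-20T01:13:09Z\t192.168.1.20\tPOST\t/goform/aspForm\thandler=SetAPWifiorLedInfoById&param={big}
2026-04-20T01:14:30Z\t192.168.1.20\tGET\t/index.asp\t-
""".replace("{big}", "x" * 600)


def triage(log_text, max_len=MAX_PARAM_LEN, mgmt_net=MGMT_NET):
    """Return findings for requests that reach the affected handlers."""
    findings = []
    for line in log_text.splitlines():
        ts, src, _method, path, body = line.split("\t")
        if path != ENDPOINT:
            continue
        fields = parse_qs(body, keep_blank_values=True)
        values = {v for vals in fields.values() for v in vals}
        hit = next((name for name in AFFECTED if name in values), None)
        if hit is None:
            continue
        param_len = max((len(v) for v in fields.get("param", [])), default=0)
        reasons = []
        if param_len > max_len:
            reasons.append("oversized param")
        if ipaddress.ip_address(src) not in mgmt_net:
            reasons.append("source outside management network")
        if reasons:
            findings.append({"time": ts, "src": src, "cve": AFFECTED[hit],
                             "param_len": param_len, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
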

Timeline

  1. Apr 19, 2026

    CVE-2026-6563 disclosed for H3C Magic B1 buffer overflow

    A new CVE entry documented a remotely exploitable buffer overflow in H3C Magic B1 devices up to version 100R004. The flaw affects the `SetAPWifiorLedInfoById` function in `/goform/aspForm` via manipulation of the `param` argument, and the disclosure stated an exploit may be used in the wild and that the vendor did not respond before publication.

  2. Apr 19, 2026

    CVE-2026-6581 disclosed for H3C Magic B1 buffer overflow

    A new CVE entry documented a remotely exploitable buffer overflow in H3C Magic B1 devices up to version 100R004. The flaw affects the `SetMobileAPInfoById` function in `/goform/aspForm` via manipulation of the `param` argument, and the disclosure noted that a public exploit exists and the vendor did not respond before publication.


Related Stories

Remote Buffer Overflows Disclosed in UTT HiPER 1200GW and 1250GW Routers

Two high-severity vulnerabilities have been disclosed in **UTT HiPER** router products, affecting **HiPER 1200GW** devices up to version `2.5.3-170306` and **HiPER 1250GW** devices up to version `3.2.7-210907-180535`. The flaws were assigned **`CVE-2026-4487`** and **`CVE-2026-4488`** and are both described as remotely exploitable buffer overflows tied to unsafe use of the `strcpy` function, with impact spanning confidentiality, integrity, and availability. `CVE-2026-4487` affects the `/goform/websHostFilter` component on the HiPER 1200GW, while `CVE-2026-4488` affects `/goform/setSysAdm` on the HiPER 1250GW, where manipulation of the `GroupName` argument can trigger the overflow. The issues are mapped to **`CWE-119`** and **`CWE-120`**, and public exploit disclosure has been noted for both, increasing the urgency for organizations using these devices to identify exposed systems and prioritize remediation or compensating controls.

1 month ago
Publicly Exploitable Buffer Overflows Disclosed in Tenda FH451 and F453 Routers

Two high-severity vulnerabilities have been disclosed in Tenda router firmware, affecting **FH451 1.0.0.9** and **F453 1.0.0.3**. The flaws are tracked as `CVE-2026-4534` and `CVE-2026-4552` and both involve remotely reachable stack-based buffer overflows in web management handlers. In the FH451 case, the issue is in the `formWrlExtraSet` function exposed through the `/goform/WrlExtraSet` component, where manipulation of the `GO` argument can trigger memory corruption. In the F453 case, the vulnerable code is the `fromVirtualSer` function behind the `/goform/VirtualSer` endpoint, where the `page` argument can be abused to cause a similar overflow. Both CVE records indicate that **public exploits are available**, increasing the likelihood of opportunistic attacks against exposed devices. The disclosures map the weaknesses to `CWE-119` and `CWE-121`, reflecting out-of-bounds memory handling and stack-based buffer overflow conditions, and the published scoring points to high impact on confidentiality, integrity, and availability. Organizations using these Tenda models should treat the flaws as urgent remote compromise risks, especially where router administration interfaces are internet-accessible.

1 month ago
Multiple Remote Buffer Overflow Flaws Expose Tenda F456 Routers to Exploitation

Several high-severity vulnerabilities have been disclosed in the **Tenda F456** router running firmware `1.0.0.5`, affecting the device’s `httpd` component across multiple `/goform/` endpoints. The flaws include `CVE-2026-7053` in `frmL7ProtForm` via `/goform/L7Prot`, `CVE-2026-7055` in `fromVirtualSer` via `/goform/VirtualSer`, `CVE-2026-7056` in `fromSafeUrlFilter` via `/goform/SafeUrlFilter`, and `CVE-2026-7057` in `/goform/setcfm`. In each case, crafted input to parameters such as `page`, `menufacturer`, `Go`, `funcname`, or `funcpara1` can trigger a buffer overflow. The vulnerabilities are described as **remotely exploitable** and have been mapped to `CWE-119` and `CWE-120`, with CVSS scoring indicating high impact to confidentiality, integrity, and availability. Public exploit code has also been reported for all four issues, including references to VulDB and GitHub proof-of-concept material, raising the risk of active attacks against exposed devices. Organizations using affected Tenda F456 routers should treat the flaws as urgent exposure in internet-facing network infrastructure.

5 days ago
