Product
A critical vulnerability, CVE-2026-15479, in H3C NX15 V100R017 allows remote attackers to perform weak password recovery by manipulating the 'newPass' argument in the '/api/login/modify' endpoint, leading to unauthorized administrator access.