{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-6560/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-6560"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["buffer overflow","cve-2026-6560","h3c","router","network device"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical buffer overflow vulnerability (CVE-2026-6560) has been identified in H3C Magic B0 routers, specifically in versions up to 100R002. The vulnerability resides within the \u003ccode\u003eEdit_BasicSSID\u003c/code\u003e function of the \u003ccode\u003e/goform/aspForm\u003c/code\u003e file. An attacker can remotely exploit this flaw by crafting malicious input to the \u003ccode\u003eparam\u003c/code\u003e argument, leading to arbitrary code execution on the device. Public exploits are reportedly available, increasing the risk of widespread exploitation. The vendor was notified about this vulnerability, but has not provided any response or patch as of April 2026. This poses a significant risk to users of the affected H3C Magic B0 routers.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable H3C Magic B0 router running firmware version 100R002 or earlier.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP POST request targeting the \u003ccode\u003e/goform/aspForm\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe POST request includes the \u003ccode\u003eEdit_BasicSSID\u003c/code\u003e function call.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eparam\u003c/code\u003e argument within the POST data contains a specially crafted string exceeding the buffer size allocated in the \u003ccode\u003eEdit_BasicSSID\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe buffer overflow occurs when the \u003ccode\u003eEdit_BasicSSID\u003c/code\u003e function processes the oversized \u003ccode\u003eparam\u003c/code\u003e argument without proper bounds checking.\u003c/li\u003e\n\u003cli\u003eThe overflow overwrites adjacent memory regions, potentially including the return address on the stack.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the program execution flow.\u003c/li\u003e\n\u003cli\u003eThe attacker executes arbitrary code on the router, potentially gaining full control of the device, exfiltrating data, or using it as a pivot point for further attacks.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this buffer overflow vulnerability (CVE-2026-6560) allows a remote attacker to execute arbitrary code on the affected H3C Magic B0 router. This could lead to a complete compromise of the device, including the ability to modify router settings, intercept network traffic, and potentially gain access to connected devices on the network. Given the availability of public exploits, widespread exploitation is possible, potentially impacting a large number of home and small business networks.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for suspicious POST requests to \u003ccode\u003e/goform/aspForm\u003c/code\u003e with unusually long \u003ccode\u003eparam\u003c/code\u003e arguments (refer to the Attack Chain section).\u003c/li\u003e\n\u003cli\u003eImplement rate limiting for requests to \u003ccode\u003e/goform/aspForm\u003c/code\u003e to mitigate potential exploitation attempts (refer to the Attack Chain section).\u003c/li\u003e\n\u003cli\u003eDeploy the following Sigma rule to detect exploitation attempts targeting the vulnerable \u003ccode\u003eEdit_BasicSSID\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eBlock network traffic originating from or destined to H3C Magic B0 devices until a patch is available.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-19T07:16:05Z","date_published":"2026-04-19T07:16:05Z","id":"/briefs/2026-04-h3c-magic-buffer-overflow/","summary":"A buffer overflow vulnerability (CVE-2026-6560) in H3C Magic B0 up to 100R002 allows remote attackers to execute arbitrary code by manipulating the 'param' argument in the Edit_BasicSSID function of the /goform/aspForm file.","title":"H3C Magic B0 Router Buffer Overflow Vulnerability (CVE-2026-6560)","url":"https://feed.craftedsignal.io/briefs/2026-04-h3c-magic-buffer-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-6560","version":"https://jsonfeed.org/version/1.1"}