CVE-2024-3890324.06.2024, 21:15H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands.Command InjectionEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST4.1 MEDIUMPHYSICALLOWLOWCVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LmitreCNA------CISA-ADPADP4.1 MEDIUMPHYSICALLOWLOWCVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LCVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 49%Known Exploits!https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/H3C/Magic%20R230/UDPserver_97F/README.mdhttps://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/H3C/Magic%20R230/UDPserver_97F/README.mdCommon Weakness EnumerationCWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.Referenceshttps://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/H3C/Magic%20R230/UDPserver_97F/README.mdhttps://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/H3C/Magic%20R230/UDPserver_97F/README.md