Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

M2 NAS

Source -

CNA

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
1Vulnerabilities found
CVE-2025-8907
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.01% / 1.29%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 13:02
Updated-13 Aug, 2025 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
H3C M2 NAS Webserver Configuration unnecessary privileges

A vulnerability was found in H3C M2 NAS V100R006. Affected by this vulnerability is an unknown functionality of the component Webserver Configuration. The manipulation leads to execution with unnecessary privileges. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor explains: "[T]he device only has configuration files and does not actually have boa functionality. It is impossible to access or upload files anonymously to the device through boa services". This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-New H3C Technologies Co., Ltd.
Product-M2 NAS
CWE ID-CWE-250
Execution with Unnecessary Privileges