CVE-2026-3943

HIGH 7.3

H3C ACG1000-AK230 aaa_portal_auth_local_submit command injection

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaa_portal_auth_local_submit. The manipulation of the argument suffix results in command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor is investigating and remediating this issue.

CWE	CWE-77 CWE-74
Vendor	h3c
Product	acg1000-ak230
Published	Mar 11, 2026
Last Updated	Mar 12, 2026

Stay Ahead of the Next One

Get instant alerts for h3c acg1000-ak230

Be the first to know when new high vulnerabilities affecting h3c acg1000-ak230 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

H3C / ACG1000-AK230

20260227

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.350353 vuldb.com: https://vuldb.com/?ctiid.350353 vuldb.com: https://vuldb.com/?submit.768850 github.com: https://github.com/leeyper/CVE/issues/1

Credits

🔍 leeyper (VulDB User)