CVE-2025-57577
HIGH EPSS 41.2%
Published Sep 12, 20259mo ago · Modified Jun 17, 20262w ago
8.0 CVSS 3.1
Published Sep 12, 2025 9mo ago
Last Modified Jun 17, 2026 2w ago
Description
An issue in H3C Device R365V300R004 allows a remote attacker to execute arbitrary code via the default password. NOTE: the Supplier's position is that their "product lines enforce or clearly prompt users to change any initial credentials upon first use. At most, this would be a case of misconfiguration if an administrator deliberately ignored the prompts, which is outside the scope of CVE definitions."
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
41.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-798 Use of Hard-coded Credentials Authentication
References 3
- github.com https://github.com/XXRicardo/iot-cve/blob/main/H3C/R365V300R004.md
- h3c.com https://h3c.com
- h3c.com https://www.h3c.com/cn/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.