CVE-2026-15479
Gravedad CVSS v4.0:
MEDIA
Tipo:
CWE-640
Mecanismo débil para recuperación de contraseñas olvidadas
Fecha de publicación:
12/07/2026
Última modificación:
12/07/2026
Descripción
*** Pendiente de traducción *** A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function change_passwd of the file /api/login/modify of the component Administrator Password Modification Endpoint. The manipulation of the argument newPass results in weak password recovery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure.
Impacto
Puntuación base 4.0
5.50
Gravedad 4.0
MEDIA
Puntuación base 3.x
7.30
Gravedad 3.x
ALTA
Puntuación base 2.0
7.50
Gravedad 2.0
ALTA



