A vulnerability labeled as critical has been found in H3C Magic B0 up to 100R002 . The affected element is the function SetMobileAPInfoById of the file /goform/aspForm . Such manipulation of the argument param leads to stack-based buffer overflow. This vulnerability is listed as CVE-2026-10259 . The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.