A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function change_passwd of the file /api/login/modify of the component Administrator Password Modification Endpoint. The manipulation of the argument newPass results in weak password recovery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2026-15479 exposes a critical weakness in H3C NX15 V100R017's administrator password modification functionality. The vulnerability exists in the /api/login/modify endpoint's change_passwd function, where insufficient validation of the newPass parameter allows attackers to set weak passwords that can be easily recovered or cracked. This is particularly dangerous because it affects administrative credentials—the highest-privilege accounts in network infrastructure. Organizations running H3C NX15 devices are directly at risk, especially those with internet-facing management interfaces. Since the exploit has been publicly disclosed, the window for opportunistic attacks is open.
While this CVE lacks mapped MITRE ATT&CK techniques, Casky's Claude-powered platform would detect the attack patterns associated with this vulnerability through its 754 security skills by identifying behavioral indicators of Credential Access and Defense Evasion tactics. Practitioners using Casky would observe findings related to suspicious API calls to /api/login/modify with password parameters that fail strength validation checks, unusual administrative account modifications, or authentication patterns inconsistent with legitimate password changes. Claude's extended reasoning would correlate weak password implementations with post-compromise persistence techniques—once an attacker sets a weak admin password, they establish a backdoor with minimal detection risk. Security teams should prioritize patching H3C NX15 devices and implementing API gateway protections that enforce password complexity policies at the network boundary.
Composite risk scoring from EPSS, CISA KEV, Shodan, and GreyNoise — 21 security APIs correlated into a single Casky Risk Score. Coming in Casky Pro. Join early access →
Casky has 0 skills that investigate the attack patterns behind CVE-2026-15479. Run one and get CVSS-scored findings in 3 minutes.
Run the skill that detects this →© 2026 Casky.AI, Inc. · AI Security Investigation