CVE Details
Basic Information
| Title | H3C GR-5400AX aspForm UpdateIpv6params buffer overflow |
|---|---|
| Type | cve |
| Published | 2025-06-15T14:31:04.690Z |
| Last Seen |
Product Information
| Vendor | H3C |
|---|---|
| Product | GR-5400AX |
| Version | V100R009L50 |
CVSS Information
| Base Score | 8.7 (HIGH) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical vulnerability in H3C GR-5400AX V100R009L50 allows remote attackers to execute arbitrary code via a buffer overflow in the UpdateWanparamsMulti/UpdateIpv6params function of the /routing/goform/aspForm file. The vendor acknowledges the issue but considers the risk low and has no immediate plans to fix it. |
|---|---|
| AI Severity | High |
| Vendor | H3C |
| Product | GR-5400AX |
| Affected Version | V100R009L50 |
Affected Products
- H3C GR-5400AX V100R009L50
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-120, CWE-119 |
| Bulletin Family |
References
Description
A vulnerability was found in H3C GR-5400AX V100R009L50 and classified as critical. This issue affects the function UpdateWanparamsMulti/UpdateIpv6params of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor confirms the existence of this issue. Because they assess the risk as low, they do not have immediate plans for remediation.