CVE Details
Basic Information
| Title | H3C GR-3000AX aspForm UpdateIpv6Params buffer overflow |
|---|---|
| Type | cve |
| Published | 2025-06-15T16:31:05.392Z |
| Last Seen |
Product Information
| Vendor | H3C |
|---|---|
| Product | GR-3000AX |
| Version | V100R007L50 |
CVSS Information
| Base Score | 8.7 (HIGH) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical buffer overflow vulnerability exists in the UpdateWanParamsMulti/UpdateIpv6Params functions of the H3C GR-3000AX router’s /routing/goform/aspForm. This can be exploited remotely, potentially allowing attackers to execute arbitrary code. The vendor acknowledges the issue but considers the risk low, with no immediate plans for a fix. |
|---|---|
| AI Severity | High |
| Vendor | H3C |
| Product | GR-3000AX |
| Affected Version | V100R007L50 |
Affected Products
- H3C GR-3000AX V100R007L50
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-120, CWE-119 |
| Bulletin Family |
References
Description
A vulnerability was found in H3C GR-3000AX V100R007L50. It has been classified as critical. Affected is the function UpdateWanParamsMulti/UpdateIpv6Params of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor confirms the existence of this issue. Because they assess the risk as low, they do not have immediate plans for remediation.