Byte Open Security

(ByteOS Network)

CVE Vulnerability Details: CVE-2025-3854
PUBLISHED
Assigner: VulDB
Assigner Org ID: 1af790b2-7ee1-4545-860a-a788eba489b5
Published At: 22 Apr, 2025 | 00:31
Updated At: 22 Apr, 2025 | 02:04
Rejected At:
CVE Numbering Authority (CNA)
H3C GR-3000AX HTTP POST Request aspForm Edit_List_SSID buffer overflow

A vulnerability, which was classified as critical, was found in H3C GR-3000AX up to V100R006. Affected is the function EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/Edit_List_SSID of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argument param leads to buffer overflow. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. Other functions might be affected as well.

Affected Products
Vendor: New H3C Technologies Co., Ltd. (H3C)
Product: GR-3000AX
Modules
  • HTTP POST Request Handler
Versions
Affected
  • V100R006
Problem Types
Type | CWE ID | Description
CWE | CWE-120 | Buffer Overflow
CWE | CWE-119 | Memory Corruption
Metrics
Version | Base score | Base severity | Vector
4.0 | 8.6 | HIGH | CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3.1 | 8.0 | HIGH | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.0 | 8.0 | HIGH | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.0 | 7.7 | N/A | AV:A/AC:L/Au:S/C:C/I:C/A:C
Credits
Reporter: BabyShark (VulDB User)
Timeline
Event | Date
Advisory disclosed | 2025-04-21 00:00:00
VulDB entry created | 2025-04-21 02:00:00
VulDB entry last update | 2025-04-21 16:12:41
References
Hyperlink | Resource
https://vuldb.com/?id.305778 | vdb-entry, technical-description
https://vuldb.com/?ctiid.305778 | signature, permissions-required
https://vuldb.com/?submit.556614 | third-party-advisory
https://github.com/CH13hh/tmp_store_cc/blob/main/H3C%20GR-3000AX/1.md | exploit
https://zhiliao.h3c.com/theme/details/229784 | related
https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/ | patch
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment