CVE-2025-29294

Name of the Vulnerable Software and Affected Versions H3C R3000 version V100R009 H3C NX600 version V100R0011 H3C NX15000 version V100R005 H3C NX30 version V100R0011 H3C NX54 version V100R011 H3C BX54 version V100R004 H3C BX54-E version V100R0010 H3C NX18 Plus version V100R006

Description The issue allows a remote attacker to execute arbitrary code via the set ipv6 static function and the clear ipv6 info function.

Recommendations For H3C R3000 version V100R009, consider disabling the set ipv6 static and clear ipv6 info functions until a patch is available. For H3C NX600 version V100R0011, consider disabling the set ipv6 static and clear ipv6 info functions until a patch is available. For H3C NX15000 version V100R005, consider disabling the set ipv6 static and clear ipv6 info functions until a patch is available. For H3C NX30 version V100R0011, consider disabling the set ipv6 static and clear ipv6 info functions until a patch is available. For H3C NX54 version V100R011, consider disabling the set ipv6 static and clear ipv6 info functions until a patch is available. For H3C BX54 version V100R004, consider disabling the set ipv6 static and clear ipv6 info functions until a patch is available. For H3C BX54-E version V100R0010, consider disabling the set ipv6 static and clear ipv6 info functions until a patch is available. For H3C NX18 Plus version V100R006, consider disabling the set ipv6 static and clear ipv6 info functions until a patch is available.