PT-2025-17476 · H3C · H3C Gr-3000Ax

Babyshark · Published 2025-04-21 · Updated 2025-04-26 · CVE-2025-3854

CVSS v2.0: 7.7 (High)

Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

H3C GR-3000AX versions up to V100R006

Description

A critical vulnerability was found in the HTTP POST Request Handler component of H3C GR-3000AX. The affected functions are EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/Edit List SSID of the file /goform/aspForm. Manipulation of the argument param leads to a buffer overflow. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. Other functions might be affected as well.

Recommendations

To resolve the issue, upgrade the H3C GR-3000AX to a version later than V100R006. As a temporary workaround, consider restricting access to the HTTP POST Request Handler component or disabling the affected functions EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/Edit List SSID to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2026-02067
CVE-2025-3854

Affected Products

H3C Gr-3000Ax