PT-2025-20437 · H3C · H3C Gr-1800Ax
Babyshark · Published 2025-05-08 · Updated 2025-05-09 · CVE-2025-4440
CVSS v2.0: 7.7 (High)
Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
H3C GR-1800AX versions up to 100R008
Description
A critical issue was found, affecting the function EnableIpv6 of the file "/goform/aspForm". The manipulation of the argument param leads to a buffer overflow. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used.
Recommendations
For H3C GR-1800AX versions up to 100R008, consider disabling the EnableIpv6 function of the "/goform/aspForm" file as a temporary workaround until a patch is available. Restrict access to the local network to minimize the risk of exploitation. Avoid using the param argument in the affected file until the issue is resolved.
Exploit
Fix
Buffer Overflow
Related Identifiers
Affected Products
H3C Gr-1800Ax