PT-2025-20444 · H3C · H3C Gr-5400Ax
Babyshark · Published 2025-05-08 · Updated 2025-05-14 · CVE-2025-4446
CVSS v2.0: 7.7 (High)
Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
H3C GR-5400AX versions up to 100R008
Description
A critical issue has been found that affects the Edit List SSID function of the /goform/aspForm file. The manipulation of the param argument leads to a buffer overflow. This issue can be exploited within the local network.
Recommendations
For H3C GR-5400AX versions up to 100R008, as a temporary workaround, consider restricting access to the /goform/aspForm file until a patch is available.
Avoid using the param argument in the affected function Edit List SSID until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Buffer Overflow
Related Identifiers
Affected Products
H3C Gr-5400Ax