PT-2025-22296 · H3C · H3C R2+Prog

Ch13Hh · Published 2025-05-20 · Updated 2025-05-21 · CVE-2025-4997

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: H3C R2+ProG versions up to 200R004

Description: A problematic issue was found in the HTTP POST Request Handler component, specifically in the functions UpdateWanParams/AddMacList/EditMacList/AddWlanMacList/EditWlanMacList/Edit_BasicSSID/Edit_GuestSSIDFor2P4G/Edit_BasicSSID_5G/SetAPInfoById of the file /goform/aspForm. Manipulating the param argument leads to denial of service. The issue can be exploited remotely, and the exploit has been publicly disclosed.

Recommendations: For H3C R2+ProG versions up to 200R004, as a temporary workaround, consider restricting access to the /goform/aspForm file to minimize the risk of exploitation. Avoid using the param argument in the affected functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Improper Resource Release

Weakness Enumeration

Related Identifiers

CVE-2025-4997

Affected Products

H3C R2+Prog