CVE-2025-4998

Name of the Vulnerable Software and Affected Versions H3C Magic R200G versions up to 100R002

Description A vulnerability has been found in the HTTP POST Request Handler component, specifically affecting the function Edit BasicSSID, Edit BasicSSID 5G, SetAPWifiorLedInfoById, SetMobileAPInfoById, Asp SetTimingtimeWifiAndLed, AddMacList, EditMacList, AddWlanMacList, and EditWlanMacList of the file /goform/aspForm. The manipulation of the param argument leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations For H3C Magic R200G versions up to 100R002, as a temporary workaround, consider restricting access to the /goform/aspForm file to minimize the risk of exploitation. Avoid using the param argument in the affected functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.