CVE-2025-5156

Name of the Vulnerable Software and Affected Versions H3C GR-5400AX versions up to 100R008

Description A critical issue was found in the EditWlanMacList function of the file /routing/goform/aspForm, which can be exploited remotely. The manipulation of the param argument leads to a buffer overflow. The exploit has been disclosed to the public. The vendor was contacted about this issue but did not respond.

Recommendations For H3C GR-5400AX versions up to 100R008, as a temporary workaround, consider disabling the EditWlanMacList function until a patch is available. Restrict access to the /routing/goform/aspForm file to minimize the risk of exploitation. Avoid using the param argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.