CVE-2025-6091

Name of the Vulnerable Software and Affected Versions H3C GR-3000AX version V100R007L50

Description A critical vulnerability was found in the function UpdateWanParamsMulti/UpdateIpv6Params of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor confirms the existence of this issue but assesses the risk as low and does not have immediate plans for remediation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the UpdateWanParamsMulti/UpdateIpv6Params functions until a patch is available. Restrict access to the /routing/goform/aspForm file to minimize the risk of exploitation. Avoid using the param argument in the affected API endpoint until the issue is resolved.