CVE-2025-63258

Name of the Vulnerable Software and Affected Versions H3C ERG3/ERG5 series routers H3C XiaoBei series routers H3C cloud gateways H3C wireless access points versions R0162P07 H3C wireless access points version UAP700-WPT330-E2265 H3C wireless access points version UAP672-WPT330-R2262 H3C wireless access points version UAP662E-WPT330-R2262P03 H3C wireless access points version WAP611-WPT330-R1348-OASIS H3C wireless access points version WAP662-WPT330-R2262 H3C wireless access points version WAP662H-WPT330-R2262 H3C USG300V2-WPT330-R2129 H3C MSG300-WPT330-R1350 H3C MSG326-WPT330-R2129

Description A remote command execution (RCE) issue exists in H3C ERG3/ERG5 series routers, XiaoBei series routers, cloud gateways, and wireless access points. Successful exploitation allows attackers to inject crafted commands via the sessionid parameter, potentially leading to arbitrary code execution on the affected systems.

Recommendations Versions R0162P07 should be updated to a newer, secure version. Version UAP700-WPT330-E2265 should be updated to a newer, secure version. Version UAP672-WPT330-R2262 should be updated to a newer, secure version. Version UAP662E-WPT330-R2262P03 should be updated to a newer, secure version. Version WAP611-WPT330-R1348-OASIS should be updated to a newer, secure version. Version WAP662-WPT330-R2262 should be updated to a newer, secure version. Version WAP662H-WPT330-R2262 should be updated to a newer, secure version. Version USG300V2-WPT330-R2129 should be updated to a newer, secure version. Version MSG300-WPT330-R1350 should be updated to a newer, secure version. Version MSG326-WPT330-R2129 should be updated to a newer, secure version.