EUVD-2025-18345

| CVE-2025-6091 HIGH
2025-06-15 [email protected]
Buffer Overflow
8.8
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 14, 2026 - 21:57 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 21:57 euvd
EUVD-2025-18345
CVE Published
Jun 15, 2025 - 17:15 nvd
HIGH 8.8

DescriptionNVD

A vulnerability was found in H3C GR-3000AX V100R007L50. It has been classified as critical. Affected is the function UpdateWanParamsMulti/UpdateIpv6Params of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor confirms the existence of this issue. Because they assess the risk as low, they do not have immediate plans for remediation.

AnalysisAI

A critical buffer overflow vulnerability exists in H3C GR-3000AX V100R007L50 within the UpdateWanParamsMulti/UpdateIpv6Params functions of /routing/goform/aspForm that allows authenticated remote attackers to achieve complete system compromise (confidentiality, integrity, and availability). Public exploit code is available and the vulnerability is actively exploitable; however, the vendor has assessed the risk as low and has not committed to immediate patching, despite confirmed existence of the issue.

Technical ContextAI

This vulnerability is a classic buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) in a network routing appliance's web-based management interface. The H3C GR-3000AX is a router/gateway device; the vulnerable code path processes WAN configuration parameters through HTTP POST requests to the aspForm handler. The 'param' argument passed to UpdateWanParamsMulti or UpdateIpv6Params functions does not properly validate input length before copying to a fixed-size buffer, enabling stack or heap corruption. The affected CPE would be: cpe:2.3:h:h3c:gr-3000ax:100r007l50:*:*:*:*:*:*:*. The aspForm interface is a server-side form processing component typical in embedded Linux-based network devices, suggesting the backend is likely written in C/C++ without modern memory safety protections.

RemediationAI

Immediate patches are not available from the vendor due to their assessment of low risk and lack of remediation commitment. Recommended mitigations: (1) Restrict network access to the /routing/goform/aspForm endpoint using firewall rules, allowing management traffic only from trusted administrative networks; (2) Implement network segmentation to isolate router management interfaces from untrusted network segments; (3) Monitor authentication logs for suspicious administrative activity or failed login attempts; (4) If feasible, transition to alternative routing platforms with active security support and patch availability; (5) Contact H3C support to inquire about undisclosed patches or firmware updates that may address CWE-119 issues in newer versions; (6) Implement intrusion detection/prevention signatures targeting malformed 'param' arguments to UpdateWanParamsMulti/UpdateIpv6Params if available from security vendors. Without vendor patches, compensating controls focusing on access restriction are essential.

Share

EUVD-2025-18345 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy