Skip to main content

Gr2200 Firmware

2 CVEs product

Monthly

CVE-2025-44653 HIGH This Week

Availability disruption in the H3C GR2200 router (firmware MiniGR1A0V100R016) arises because its bundled bftpd FTP daemon ships with USERLIMIT_GLOBAL set to 0 in /etc/bftpd.conf, imposing no ceiling on concurrent FTP sessions. Remote attackers can open large numbers of simultaneous connections to exhaust device sockets, memory, and CPU, degrading or crashing the FTP service and potentially the router itself. A public technical writeup exists and EPSS is modest (0.52%, 40th percentile); there is no public exploit identified beyond that writeup and no evidence of active exploitation (not listed in CISA KEV).

Denial Of Service Gr2200 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-36510 HIGH POC THREAT This Week

H3C GR2200 MiniGR1A0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gr2200 Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
12.3%
EPSS 1% CVSS 7.5
HIGH This Week

Availability disruption in the H3C GR2200 router (firmware MiniGR1A0V100R016) arises because its bundled bftpd FTP daemon ships with USERLIMIT_GLOBAL set to 0 in /etc/bftpd.conf, imposing no ceiling on concurrent FTP sessions. Remote attackers can open large numbers of simultaneous connections to exhaust device sockets, memory, and CPU, degrading or crashing the FTP service and potentially the router itself. A public technical writeup exists and EPSS is modest (0.52%, 40th percentile); there is no public exploit identified beyond that writeup and no evidence of active exploitation (not listed in CISA KEV).

Denial Of Service Gr2200 Firmware
NVD GitHub
EPSS 12% CVSS 7.8
HIGH POC THREAT This Week

H3C GR2200 MiniGR1A0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gr2200 Firmware
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy