Buffer Overflow Vulnerability in H3C GR-3000AX Router
CVE-2025-3854

8.6HIGH

Key Information:

Vendor: H3c
Status: Gr-3000ax
Vendor: CVE Published:; 22 April 2025

Badges

👾 Exploit Exists

What is CVE-2025-3854?

A buffer overflow vulnerability has been identified in the H3C GR-3000AX router, specifically within the HTTP POST Request Handler's functions such as EnableIpv6, UpdateWanModeMulti, UpdateIpv6Params, EditWlanMacList, and Edit_List_SSID. The vulnerability arises from improper handling of arguments in the /goform/aspForm file, enabling local attackers to manipulate parameters and execute malicious code. This exploitation requires access to the local network, making it critical for administrators to promptly update the affected firmware to prevent potential breaches.

Affected Version(s)

GR-3000AX V100R006

References

https://vuldb.com/?id.305778

vdb-entrytechnical-description

https://vuldb.com/?ctiid.305778

signaturepermissions-required

https://vuldb.com/?submit.556614

third-party-advisory

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Apr 22, 2025
Vulnerability published
Apr 22, 2025
Vulnerability Reserved
Apr 21, 2025

Credit

BabyShark (VulDB User)

H3c

Badges

What is CVE-2025-3854?

Affected Version(s)

References

CVSS V4

Timeline

Credit