Buffer Overflow Vulnerability in H3C GR-5400AX Router
CVE-2025-4446

8.6HIGH

Key Information:

Vendor: H3c
Status: Gr-5400ax
Vendor: CVE Published:; 9 May 2025

What is CVE-2025-4446?

A buffer overflow vulnerability has been identified in the H3C GR-5400AX router models up to version 100R008. This issue resides within the Edit_List_SSID function of the /goform/aspForm file, where improper handling of the 'param' argument can lead to overflow conditions. Attackers with access to the local network could exploit this vulnerability, potentially allowing them to execute arbitrary code or manipulate affected router functionalities. Users are advised to review network security protocols and ensure their devices are updated to prevent exploitation.

Affected Version(s)

GR-5400AX 100R008

References

https://vuldb.com/?id.308056

vdb-entrytechnical-description

https://vuldb.com/?ctiid.308056

signaturepermissions-required

https://vuldb.com/?submit.561866

third-party-advisory

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 9, 2025
Vulnerability Reserved
May 8, 2025

Credit

BabyShark (VulDB User)

H3c

What is CVE-2025-4446?

Affected Version(s)

References

CVSS V4

Timeline

Credit