Denial of Service Vulnerability in H3C R2+ProG by H3C
CVE-2025-4997

7.1HIGH

Key Information:

Vendor

H3c

Status
Vendor
CVE Published:
20 May 2025

What is CVE-2025-4997?

A denial of service vulnerability exists in the H3C R2+ProG affecting various components. Specifically, the flaw resides in the HTTP POST Request Handler related to functions such as UpdateWanParams and SetAPInfoById. An attacker can exploit this vulnerability remotely by manipulating certain parameters, potentially leading to service disruption. Despite notifications, the vendor has not responded to the disclosure, raising concerns about the security of the product.

Affected Version(s)

R2+ProG 200R004

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

CH13hh (VulDB User)
.