CVE-2025-5156
Buffer overflow vulnerability found in H3C GR-5400AX in the EditWlanMacList function
Overview
A critical vulnerability has been observed in H3C GR-5400AX up to 100R008. The issue is in the function EditWlanMacList of the file /routing/goform/aspForm, where manipulation of the argument param causes a buffer overflow.
Technical Details
Attackers can exploit this vulnerability remotely. Attack complexity is low and no user interaction is required. A successful attack can have a high impact on system confidentiality, integrity, and availability.
CVSS Metrics
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: LOW
- User Interaction: NONE
- Scope: UNCHANGED
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH
Impact
Exploitation of the vulnerability may lead to a buffer overflow, compromising system confidentiality, integrity, and availability.
Recommendations
Regularly update the H3C GR-5400AX system software. Monitor network activity and look for unusual patterns.
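As an added example (not code from H3C or from this advisory), the monitoring recommendation can be applied to HTTP requests recorded by a proxy or IDS in front of the router's management interface. Only the handler path, the function name and the param argument come from the advisory; the record layout, the CMD field name and the 256-byte threshold are assumptions.

```python
from urllib.parse import parse_qs, urlsplit

ENDPOINT_SUFFIX = "/goform/aspForm"  # handler path named in the advisory
FUNCTION = "EditWlanMacList"         # affected function named in the advisory
MAX_PARAM_LEN = 256                  # assumed ceiling; tune against benign traffic


def suspicious_param(method, url, body=""):
    """Return the length of an oversized `param` sent to the handler, else None."""
    parts = urlsplit(url)
    if not parts.path.endswith(ENDPOINT_SUFFIX):
        return None
    # The argument may arrive in the query string or in a form-encoded body.
    fields = parse_qs(parts.query, keep_blank_values=True)
    if method.upper() == "POST":
        for key, values in parse_qs(body, keep_blank_values=True).items():
            fields.setdefault(key, []).extend(values)
    # Assumption: the function name is carried in one of the request fields.
    names_function = any(FUNCTION in v for vals in fields.values() for v in vals)
    longest = max((len(v) for v in fields.get("param", [])), default=0)
    if names_function and longest > MAX_PARAM_LEN:
        return longest
    return None


def scan(records):
    """Return (source, param_length) for every flagged request record."""
    return [(r["src"], n) for r in records
            if (n := suspicious_param(r["method"], r["url"], r.get("body", ""))) is not None]


# Constructed sample records (not real traffic); the field layout is hypothetical.
SAMPLE = [
    {"src": "192.0.2.10", "method": "POST", "url": "/routing/goform/aspForm",
     "body": "CMD=EditWlanMacList&param=aa:bb:cc:dd:ee:ff"},
    {"src": "192.0.2.66", "method": "POST", "url": "/routing/goform/aspForm",
     "body": "CMD=EditWlanMacList&param=" + "x" * 900},
    {"src": "192.0.2.10", "method": "GET", "url": "/routing/index.asp"},
]

if __name__ == "__main__":
    for src, length in scan(SAMPLE):
        print(f"ALERT {src}: param of {length} bytes sent to {FUNCTION}")
```
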
Threat Metrics
- CVSS Score: 8.8
- Severity: HIGH
- Attack Vector: NETWORK
- Attack Complexity: LOW