{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3854", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-04-21T14:06:40.587Z", "datePublished": "2025-04-22T00:31:07.525Z", "dateUpdated": "2025-04-22T02:04:04.462Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-04-22T00:31:07.525Z"}, "title": "H3C GR-3000AX HTTP POST Request aspForm Edit_List_SSID buffer overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "H3C", "product": "GR-3000AX", "versions": [{"version": "V100R006", "status": "affected"}], "modules": ["HTTP POST Request Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in H3C GR-3000AX up to V100R006. Affected is the function EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/Edit_List_SSID of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argument param leads to buffer overflow. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. Other functions might be affected as well."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in H3C GR-3000AX bis V100R006 gefunden. Sie wurde als kritisch eingestuft. Dabei betrifft es die Funktion EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/Edit_List_SSID der Datei /goform/aspForm der Komponente HTTP POST Request Handler. Dank der Manipulation des Arguments param mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei im lokalen Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.6, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.7, "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "timeline": [{"time": "2025-04-21T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-04-21T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-04-21T16:12:41.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "BabyShark (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.305778", "name": "VDB-305778 | H3C GR-3000AX HTTP POST Request aspForm Edit_List_SSID buffer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.305778", "name": "VDB-305778 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.556614", "name": "Submit #556614 | New H3C Technologies Co., Ltd. H3C GR-3000AX <=100R006 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/CH13hh/tmp_store_cc/blob/main/H3C%20GR-3000AX/1.md", "tags": ["exploit"]}, {"url": "https://zhiliao.h3c.com/theme/details/229784", "tags": ["related"]}, {"url": "https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/", "tags": ["patch"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-22T02:03:47.602628Z", "id": "CVE-2025-3854", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T02:04:04.462Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3854", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-22T02:03:47.602628Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T02:03:58.320Z"}}], "cna": {"title": "H3C GR-3000AX HTTP POST Request aspForm Edit_List_SSID buffer overflow", "credits": [{"lang": "en", "type": "reporter", "value": "BabyShark (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.7, "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "affected": [{"vendor": "H3C", "modules": ["HTTP POST Request Handler"], "product": "GR-3000AX", "versions": [{"status": "affected", "version": "V100R006"}]}], "timeline": [{"lang": "en", "time": "2025-04-21T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-04-21T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-04-21T16:12:41.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.305778", "name": "VDB-305778 | H3C GR-3000AX HTTP POST Request aspForm Edit_List_SSID buffer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.305778", "name": "VDB-305778 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.556614", "name": "Submit #556614 | New H3C Technologies Co., Ltd. H3C GR-3000AX <=100R006 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/CH13hh/tmp_store_cc/blob/main/H3C%20GR-3000AX/1.md", "tags": ["exploit"]}, {"url": "https://zhiliao.h3c.com/theme/details/229784", "tags": ["related"]}, {"url": "https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in H3C GR-3000AX up to V100R006. Affected is the function EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/Edit_List_SSID of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argument param leads to buffer overflow. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. Other functions might be affected as well."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in H3C GR-3000AX bis V100R006 gefunden. Sie wurde als kritisch eingestuft. Dabei betrifft es die Funktion EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/Edit_List_SSID der Datei /goform/aspForm der Komponente HTTP POST Request Handler. Dank der Manipulation des Arguments param mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei im lokalen Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-04-22T00:31:07.525Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3854", "state": "PUBLISHED", "dateUpdated": "2025-04-22T02:04:04.462Z", "dateReserved": "2025-04-21T14:06:40.587Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-04-22T00:31:07.525Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in H3C GR-3000AX up to V100R006. Affected is the function EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/Edit_List_SSID of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argument param leads to buffer overflow. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. Other functions might be affected as well."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en H3C GR-3000AX hasta la versi\u00f3n V100R006. La funci\u00f3n EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/Edit_List_SSID del archivo /goform/aspForm del componente HTTP POST Request Handler se ve afectada. La manipulaci\u00f3n del argumento param provoca un desbordamiento del b\u00fafer. El ataque debe iniciarse dentro de la red local. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se recomienda actualizar el componente afectado. Otras funciones tambi\u00e9n podr\u00edan verse afectadas."}], "id": "CVE-2025-3854", "lastModified": "2025-04-23T14:08:13.383", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-04-22T01:15:18.397", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/CH13hh/tmp_store_cc/blob/main/H3C%20GR-3000AX/1.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.305778"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.305778"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.556614"}, {"source": "cna@vuldb.com", "url": "https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/"}, {"source": "cna@vuldb.com", "url": "https://zhiliao.h3c.com/theme/details/229784"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-120"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}