Primary

Context

H3C GR-1800AX Buffer Overflow Vulnerability in the EnableIpv6 Function

Vulnerability

A critical buffer overflow vulnerability has been identified in the H3C GR-1800AX router, affecting versions through 100R008. The issue arises in the EnableIpv6 function within the /goform/aspForm file, where the manipulation of the 'param' argument leads to a buffer overflow. This vulnerability requires access to the local network to exploit and could potentially allow for remote code execution.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can lead to a denial-of-service condition or allow for remote code execution on the affected device.

Reproduction

The vulnerability can be reproduced by sending a crafted request to the H3C GR-1800AX router's /goform/aspForm endpoint, specifically targeting the EnableIpv6 function. The 'param' argument must be manipulated in a way that exceeds the buffer's capacity, causing a buffer overflow. This can be done by controlling the input to the 'param' field to trigger the overflow condition.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

4.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

4.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

H3C GR-1800AX Buffer Overflow Vulnerability in the EnableIpv6 Function

Vulnerability

Impact

Reproduction

Affected Products

H3C GR-1800AX

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating