Primary

Context

H3C R2+ProG Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in H3C R2+ProG routers running versions through 200R004. The issue arises in the HTTP POST request handler, specifically within the '/goform/aspForm' file. The vulnerability is triggered by manipulating the 'param' argument, which can lead to a crash of the device, causing a denial-of-service condition. This vulnerability can be exploited remotely, and details of the exploit are publicly available.

Impact

Exploitation of this vulnerability causes a denial-of-service condition, leading to a crash of the affected device.

Reproduction

To reproduce this vulnerability, send an HTTP POST request to the '/goform/aspForm' endpoint. Include a crafted 'param' argument that exploits the vulnerability, causing the device to crash.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

H3C R2+ProG Denial-of-Service Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating