H3C GR-3000AX Buffer Overflow Vulnerability in UpdateWanParamsMulti and UpdateIpv6Params Functions

A critical buffer overflow vulnerability has been identified in the H3C GR-3000AX router, specifically in the V100R007L50 release. The issue arises in the UpdateWanParamsMulti and UpdateIpv6Params functions within the /routing/goform/aspForm file. The vulnerability can be exploited remotely by manipulating the 'param' argument, leading to a buffer overflow condition. This flaw has been publicly disclosed, and an exploit is available.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can lead to a denial-of-service condition or arbitrary code execution on the affected device.

Reproduction

The vulnerability can be reproduced by sending a crafted request to the '/routing/goform/aspForm' endpoint, specifically targeting the 'param' argument. This manipulation causes a buffer overflow by exceeding the allocated buffer size, which can disrupt normal operation or allow for the execution of malicious code.