Primary

Context

H3C Routers and Access Points Remote Command Execution Vulnerability

Vulnerability

Patched

A remote command execution vulnerability has been identified in H3C ERG3/ERG5 series routers, XiaoBei series routers, cloud gateways, and wireless access points. This vulnerability affects specific versions of these products, including H3C ERG3 series and UR series devices. The issue arises when devices are configured to allow remote management, enabling attackers to inject crafted commands that bypass security authentication and access sensitive information from the device.

Impact

Exploitation of this vulnerability allows for remote command execution on the affected devices, potentially leading to unauthorized access and manipulation of device functions or data.

Remediation

Users are advised to upgrade to H3C ERG3 series Release 0162P11 or H3C UR series Release 0162P11. For temporary mitigation, remote Web management and Telnet management features can be disabled, although the former is off by default.

Added: Nov 18, 2025, 5:46 PM

Updated: Nov 18, 2025, 10:27 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

7.8

remediation

0.0

relevance

1.1

threat

0.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

7.8

remediation

0.0

relevance

1.1

threat

0.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

H3C Routers and Access Points Remote Command Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

H3C ERG3

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating