Skip to main content

CVE-2025-4998: Denial of Service in H3C Magic R200G

High
VulnerabilityCVE-2025-4998cvecve-2025-4998
Published: Tue May 20 2025 (05/20/2025, 20:31:04 UTC)
Source: CVE
Vendor/Project: H3C
Product: Magic R200G

Description

A vulnerability has been found in H3C Magic R200G up to 100R002 and classified as problematic. Affected by this vulnerability is the function Edit_BasicSSID/Edit_BasicSSID_5G/SetAPWifiorLedInfoById/SetMobileAPInfoById/Asp_SetTimingtimeWifiAndLed/AddMacList/EditMacList/AddWlanMacList/EditWlanMacList of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argument param leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

AILast updated: 07/06/2025, 05:09:46 UTC

Technical Analysis

CVE-2025-4998 is a high-severity denial of service (DoS) vulnerability affecting the H3C Magic R200G wireless router, specifically versions up to 100R002. The vulnerability resides in the HTTP POST request handler component, particularly within several functions responsible for managing wireless SSID settings, LED indicators, mobile AP information, timing configurations, and MAC address lists. These functions include Edit_BasicSSID, Edit_BasicSSID_5G, SetAPWifiorLedInfoById, SetMobileAPInfoById, Asp_SetTimingtimeWifiAndLed, AddMacList, EditMacList, AddWlanMacList, and EditWlanMacList, all located in the /goform/aspForm file. The flaw arises from improper handling or validation of the 'param' argument in these functions, which can be manipulated remotely by an attacker via crafted HTTP POST requests to trigger a denial of service condition. This results in the affected device becoming unresponsive or crashing, thereby disrupting network connectivity. The vulnerability does not require authentication or user interaction, and the attack can be launched over the network, making it accessible to remote adversaries. Although the vendor was notified early, no response or patch has been provided, and public exploit details have been disclosed, increasing the risk of exploitation. The CVSS v4.0 score is 7.1, reflecting a high severity due to network attack vector, low attack complexity, no privileges or user interaction needed, and a high impact on availability.

Potential Impact

For European organizations, this vulnerability poses a significant risk to network availability and operational continuity, especially for those relying on H3C Magic R200G routers in their infrastructure. A successful exploitation could lead to network outages, disrupting business operations, communications, and access to critical services. This is particularly concerning for sectors requiring high availability such as finance, healthcare, manufacturing, and public services. The denial of service could also be leveraged as part of a larger attack campaign to cause widespread disruption or as a diversionary tactic while other attacks are carried out. Given the lack of vendor response and patch, organizations may face prolonged exposure. Additionally, the remote and unauthenticated nature of the exploit increases the likelihood of opportunistic attacks from cybercriminals or hacktivists targeting European networks. The impact extends beyond individual organizations to potentially affect supply chains and critical infrastructure relying on these devices.

Mitigation Recommendations

1. Immediate network segmentation: Isolate H3C Magic R200G devices from critical network segments to limit potential impact. 2. Deploy network-level protections: Use intrusion detection/prevention systems (IDS/IPS) and web application firewalls (WAF) to monitor and block suspicious HTTP POST requests targeting the vulnerable endpoints (/goform/aspForm). 3. Restrict management access: Limit access to router management interfaces to trusted IP addresses and use VPNs or secure tunnels for remote administration. 4. Monitor device behavior: Implement continuous monitoring for signs of device instability or unusual traffic patterns indicative of exploitation attempts. 5. Vendor engagement: Actively seek updates or patches from H3C and subscribe to security advisories. 6. Consider device replacement: For high-risk environments, evaluate replacing affected devices with alternatives that have timely security support. 7. Incident response readiness: Prepare response plans for potential denial of service incidents involving these devices, including rapid device reboot or replacement procedures. 8. Harden configurations: Disable unnecessary services and features on the router to reduce attack surface.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-05-20T12:57:49.410Z
Cisa Enriched
false
Cvss Version
4.0
State
PUBLISHED

Threat ID: 682d6c76d4f2164cc92430d5

Added to database: 5/21/2025, 6:02:30 AM

Last enriched: 7/6/2025, 5:09:46 AM

Last updated: 8/15/2025, 11:21:52 AM

Views: 13

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats