CVE-2025-4998: Denial of Service in H3C Magic R200G
A vulnerability has been found in H3C Magic R200G up to 100R002 and classified as problematic. Affected by this vulnerability is the function Edit_BasicSSID/Edit_BasicSSID_5G/SetAPWifiorLedInfoById/SetMobileAPInfoById/Asp_SetTimingtimeWifiAndLed/AddMacList/EditMacList/AddWlanMacList/EditWlanMacList of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argument param leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-4998 is a high-severity denial of service (DoS) vulnerability affecting the H3C Magic R200G wireless router, specifically versions up to 100R002. The vulnerability resides in the HTTP POST request handler component, particularly within several functions responsible for managing wireless SSID settings, LED indicators, mobile AP information, timing configurations, and MAC address lists. These functions include Edit_BasicSSID, Edit_BasicSSID_5G, SetAPWifiorLedInfoById, SetMobileAPInfoById, Asp_SetTimingtimeWifiAndLed, AddMacList, EditMacList, AddWlanMacList, and EditWlanMacList, all located in the /goform/aspForm file. The flaw arises from improper handling or validation of the 'param' argument in these functions, which can be manipulated remotely by an attacker via crafted HTTP POST requests to trigger a denial of service condition. This results in the affected device becoming unresponsive or crashing, thereby disrupting network connectivity. The vulnerability does not require authentication or user interaction, and the attack can be launched over the network, making it accessible to remote adversaries. Although the vendor was notified early, no response or patch has been provided, and public exploit details have been disclosed, increasing the risk of exploitation. The CVSS v4.0 score is 7.1, reflecting a high severity due to network attack vector, low attack complexity, no privileges or user interaction needed, and a high impact on availability.
Potential Impact
For European organizations, this vulnerability poses a significant risk to network availability and operational continuity, especially for those relying on H3C Magic R200G routers in their infrastructure. A successful exploitation could lead to network outages, disrupting business operations, communications, and access to critical services. This is particularly concerning for sectors requiring high availability such as finance, healthcare, manufacturing, and public services. The denial of service could also be leveraged as part of a larger attack campaign to cause widespread disruption or as a diversionary tactic while other attacks are carried out. Given the lack of vendor response and patch, organizations may face prolonged exposure. Additionally, the remote and unauthenticated nature of the exploit increases the likelihood of opportunistic attacks from cybercriminals or hacktivists targeting European networks. The impact extends beyond individual organizations to potentially affect supply chains and critical infrastructure relying on these devices.
Mitigation Recommendations
1. Immediate network segmentation: Isolate H3C Magic R200G devices from critical network segments to limit potential impact. 2. Deploy network-level protections: Use intrusion detection/prevention systems (IDS/IPS) and web application firewalls (WAF) to monitor and block suspicious HTTP POST requests targeting the vulnerable endpoints (/goform/aspForm). 3. Restrict management access: Limit access to router management interfaces to trusted IP addresses and use VPNs or secure tunnels for remote administration. 4. Monitor device behavior: Implement continuous monitoring for signs of device instability or unusual traffic patterns indicative of exploitation attempts. 5. Vendor engagement: Actively seek updates or patches from H3C and subscribe to security advisories. 6. Consider device replacement: For high-risk environments, evaluate replacing affected devices with alternatives that have timely security support. 7. Incident response readiness: Prepare response plans for potential denial of service incidents involving these devices, including rapid device reboot or replacement procedures. 8. Harden configurations: Disable unnecessary services and features on the router to reduce attack surface.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
CVE-2025-4998: Denial of Service in H3C Magic R200G
Description
A vulnerability has been found in H3C Magic R200G up to 100R002 and classified as problematic. Affected by this vulnerability is the function Edit_BasicSSID/Edit_BasicSSID_5G/SetAPWifiorLedInfoById/SetMobileAPInfoById/Asp_SetTimingtimeWifiAndLed/AddMacList/EditMacList/AddWlanMacList/EditWlanMacList of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argument param leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI-Powered Analysis
Technical Analysis
CVE-2025-4998 is a high-severity denial of service (DoS) vulnerability affecting the H3C Magic R200G wireless router, specifically versions up to 100R002. The vulnerability resides in the HTTP POST request handler component, particularly within several functions responsible for managing wireless SSID settings, LED indicators, mobile AP information, timing configurations, and MAC address lists. These functions include Edit_BasicSSID, Edit_BasicSSID_5G, SetAPWifiorLedInfoById, SetMobileAPInfoById, Asp_SetTimingtimeWifiAndLed, AddMacList, EditMacList, AddWlanMacList, and EditWlanMacList, all located in the /goform/aspForm file. The flaw arises from improper handling or validation of the 'param' argument in these functions, which can be manipulated remotely by an attacker via crafted HTTP POST requests to trigger a denial of service condition. This results in the affected device becoming unresponsive or crashing, thereby disrupting network connectivity. The vulnerability does not require authentication or user interaction, and the attack can be launched over the network, making it accessible to remote adversaries. Although the vendor was notified early, no response or patch has been provided, and public exploit details have been disclosed, increasing the risk of exploitation. The CVSS v4.0 score is 7.1, reflecting a high severity due to network attack vector, low attack complexity, no privileges or user interaction needed, and a high impact on availability.
Potential Impact
For European organizations, this vulnerability poses a significant risk to network availability and operational continuity, especially for those relying on H3C Magic R200G routers in their infrastructure. A successful exploitation could lead to network outages, disrupting business operations, communications, and access to critical services. This is particularly concerning for sectors requiring high availability such as finance, healthcare, manufacturing, and public services. The denial of service could also be leveraged as part of a larger attack campaign to cause widespread disruption or as a diversionary tactic while other attacks are carried out. Given the lack of vendor response and patch, organizations may face prolonged exposure. Additionally, the remote and unauthenticated nature of the exploit increases the likelihood of opportunistic attacks from cybercriminals or hacktivists targeting European networks. The impact extends beyond individual organizations to potentially affect supply chains and critical infrastructure relying on these devices.
Mitigation Recommendations
1. Immediate network segmentation: Isolate H3C Magic R200G devices from critical network segments to limit potential impact. 2. Deploy network-level protections: Use intrusion detection/prevention systems (IDS/IPS) and web application firewalls (WAF) to monitor and block suspicious HTTP POST requests targeting the vulnerable endpoints (/goform/aspForm). 3. Restrict management access: Limit access to router management interfaces to trusted IP addresses and use VPNs or secure tunnels for remote administration. 4. Monitor device behavior: Implement continuous monitoring for signs of device instability or unusual traffic patterns indicative of exploitation attempts. 5. Vendor engagement: Actively seek updates or patches from H3C and subscribe to security advisories. 6. Consider device replacement: For high-risk environments, evaluate replacing affected devices with alternatives that have timely security support. 7. Incident response readiness: Prepare response plans for potential denial of service incidents involving these devices, including rapid device reboot or replacement procedures. 8. Harden configurations: Disable unnecessary services and features on the router to reduce attack surface.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulDB
- Date Reserved
- 2025-05-20T12:57:49.410Z
- Cisa Enriched
- false
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 682d6c76d4f2164cc92430d5
Added to database: 5/21/2025, 6:02:30 AM
Last enriched: 7/6/2025, 5:09:46 AM
Last updated: 8/12/2025, 6:49:03 AM
Views: 12
Related Threats
CVE-2025-9047: SQL Injection in projectworlds Visitor Management System
MediumCVE-2025-9046: Stack-based Buffer Overflow in Tenda AC20
HighCVE-2025-9028: SQL Injection in code-projects Online Medicine Guide
MediumCVE-2025-26709: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in ZTE F50
MediumCVE-2025-9027: SQL Injection in code-projects Online Medicine Guide
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.