CVE-2025-4998 | H3C Magic R200G up to 100R002 HTTP POST Request /goform/aspForm param denial of service

A vulnerability has been found in H3C Magic R200G up to 100R002 and classified as problematic. Affected by this vulnerability is the function

Edit_BasicSSID/Edit_BasicSSID_5G/SetAPWifiorLedInfoById/SetMobileAPInfoById/Asp_SetTimingtimeWifiAndLed/AddMacList/EditMacList/AddWlanMacList/EditWlanMacList

of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argument param leads to denial of service.

This vulnerability is known as CVE-2025-4998. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-4998 | H3C Magic R200G up to 100R002 HTTP POST Request /goform/aspForm param denial of service

Post correlati

CVE-2025-21468 | Qualcomm Snapdragon Auto up to WSA8845H FW Response out-of-bounds write

CVE-2024-23271 | Apple macOS Website cross-domain policy

CVE-2024-5082 | Sonatype Nexus Repository 2 OSS/Nexus Repository 2 Pro up to 2.15.1 code injection

CVE-2022-1760 | Core Control Plugin up to 1.2.1 on WordPress Setting cross-site request forgery