CVE-2022-36509

H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.

Basic Information

CVE State: PUBLISHED
Reserved Date: July 25, 2022
Published Date: August 25, 2022
Last Updated: June 17, 2025
Vendor: H3C
Product: GR3200
Description: H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Score: 0.80% (Percentile: 73.06%) as of 2025-07-29

SSVC Information

Exploitation: poc
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2025-07-07 00:00:00 UTC) Source

References

https://github.com/Darry-lang1/vuln/blob/main/H3C/GR3200/1/readme.md

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-07-08 12:00:53 UTC

Timeline

CVE ID Reserved

July 25, 2022
CVE Published to Public

August 25, 2022
Added to KEVIntel

July 08, 2025