CVE-2018-25147

Exploit

EPSS 0.06%
Veröffentlicht 24.12.2025 19:27:50
Zuletzt bearbeitet 26.01.2026 19:47:07
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microhardcorp ≫ Ipn4g Firmware Version1.1.0 Updatebuild1098

Microhardcorp ≫ Ipn4g Version-

Microhardcorp ≫ Ipn3gb Firmware Version2.2.0 Updatebuild2160

Microhardcorp ≫ Ipn3gb Version-

Microhardcorp ≫ Ipn4gb Firmware Version1.1.6 Updatebuild1184-14

Microhardcorp ≫ Ipn4gb Version-

Microhardcorp ≫ Ipn4gb Firmware Version1.1.0 Updaterev2_build1090-2

Microhardcorp ≫ Ipn4gb Version-

Microhardcorp ≫ Ipn4gb Firmware Version1.1.0 Updaterev2_build1086

Microhardcorp ≫ Ipn4gb Version-

Microhardcorp ≫ Bullet-3g Firmware Version1.2.0 Updatereva_build1032

Microhardcorp ≫ Bullet-3g Version-

Microhardcorp ≫ Vip4gb Firmware Version1.1.6 Updatebuild_1204

Microhardcorp ≫ Vip4gb Version-

Microhardcorp ≫ Vip4gb Firmware Version1.1.6 Updaterev3_build1184-14

Microhardcorp ≫ Vip4gb Version-

Microhardcorp ≫ Vip4gb Wifi-n Firmware Version1.1.6 Updaterev2_build1196

Microhardcorp ≫ Vip4gb Wifi-n Version-

Microhardcorp ≫ Bullet-3g Firmware Version1.2.0 Updatebuild1076

Microhardcorp ≫ Bullet-3g Version-

Microhardcorp ≫ Bullet-lte Firmware Version1.2.0 Updatebuild1078

Microhardcorp ≫ Bullet-lte Version-

Microhardcorp ≫ Ipn3gii Firmware Version1.2.0 Updatebuild1076

Microhardcorp ≫ Ipn3gii Version-

Microhardcorp ≫ Ipn4gii Firmware Version1.2.0 Updatebuild1078

Microhardcorp ≫ Ipn4gii Version-

Microhardcorp ≫ Bulletplus Firmware Version1.3.0 Updatebuild1036

Microhardcorp ≫ Bulletplus Version-

Microhardcorp ≫ Dragon-lte Firmware Version1.1.0 Updatebuild1036

Microhardcorp ≫ Dragon-lte Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.177

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
disclosure@vulncheck.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-1392 Use of Default Credentials

The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

http://www.microhardcorp.com

Product

https://www.exploit-db.com/exploits/45040

Exploit

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5480.php

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2018-25147

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-25147

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-25147

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-25147