CVE-2018-25148

Exploit

EPSS 0.32%
Veröffentlicht 24.12.2025 19:27:50
Zuletzt bearbeitet 21.01.2026 20:00:58
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges, including starting services, disabling firewalls, and writing files to the system.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microhardcorp ≫ Ipn4g Firmware Version1.1.0 Updatebuild1098

Microhardcorp ≫ Ipn4g Version-

Microhardcorp ≫ Ipn3gb Firmware Version2.2.0 Updatebuild2160

Microhardcorp ≫ Ipn3gb Version-

Microhardcorp ≫ Ipn4gb Firmware Version1.1.6 Updatebuild1184-14

Microhardcorp ≫ Ipn4gb Version-

Microhardcorp ≫ Ipn4gb Firmware Version1.1.0 Updaterev2_build1090-2

Microhardcorp ≫ Ipn4gb Version-

Microhardcorp ≫ Ipn4gb Firmware Version1.1.0 Updaterev2_build1086

Microhardcorp ≫ Ipn4gb Version-

Microhardcorp ≫ Bullet-3g Firmware Version1.2.0 Updatereva_build1032

Microhardcorp ≫ Bullet-3g Version-

Microhardcorp ≫ Vip4gb Firmware Version1.1.6 Updatebuild_1204

Microhardcorp ≫ Vip4gb Version-

Microhardcorp ≫ Vip4gb Firmware Version1.1.6 Updaterev3_build1184-14

Microhardcorp ≫ Vip4gb Version-

Microhardcorp ≫ Vip4gb Wifi-n Firmware Version1.1.6 Updaterev2_build1196

Microhardcorp ≫ Vip4gb Wifi-n Version-

Microhardcorp ≫ Bullet-3g Firmware Version1.2.0 Updatebuild1076

Microhardcorp ≫ Bullet-3g Version-

Microhardcorp ≫ Bullet-lte Firmware Version1.2.0 Updatebuild1078

Microhardcorp ≫ Bullet-lte Version-

Microhardcorp ≫ Ipn3gii Firmware Version1.2.0 Updatebuild1076

Microhardcorp ≫ Ipn3gii Version-

Microhardcorp ≫ Ipn4gii Firmware Version1.2.0 Updatebuild1078

Microhardcorp ≫ Ipn4gii Version-

Microhardcorp ≫ Bulletplus Firmware Version1.3.0 Updatebuild1036

Microhardcorp ≫ Bulletplus Version-

Microhardcorp ≫ Dragon-lte Firmware Version1.1.0 Updatebuild1036

Microhardcorp ≫ Dragon-lte Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.548

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
disclosure@vulncheck.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

http://www.microhardcorp.com

Product

https://www.exploit-db.com/exploits/45038

Exploit

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5479.php

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2018-25148

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-25148

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-25148

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-25148