CVE-2018-25147 — HIGH (7.5)

Vulnerability Description

Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Microhardcorp	Ipn4G Firmware	1.1.0
Microhardcorp	Ipn4G	-
Microhardcorp	Ipn3Gb Firmware	2.2.0
Microhardcorp	Ipn3Gb	-
Microhardcorp	Ipn4Gb Firmware	1.1.6
Microhardcorp	Ipn4Gb	-
Microhardcorp	Bullet-3G Firmware	1.2.0
Microhardcorp	Bullet-3G	-
Microhardcorp	Vip4Gb Firmware	1.1.6
Microhardcorp	Vip4Gb	-
Microhardcorp	Vip4Gb Wifi-N Firmware	1.1.6
Microhardcorp	Vip4Gb Wifi-N	-
Microhardcorp	Bullet-Lte Firmware	1.2.0
Microhardcorp	Bullet-Lte	-
Microhardcorp	Ipn3Gii Firmware	1.2.0
Microhardcorp	Ipn3Gii	-
Microhardcorp	Ipn4Gii Firmware	1.2.0
Microhardcorp	Ipn4Gii	-
Microhardcorp	Bulletplus Firmware	1.3.0
Microhardcorp	Bulletplus	-

Related Weaknesses (CWE)

CWE-1392

References

http://www.microhardcorp.comProduct
https://www.exploit-db.com/exploits/45040Exploit
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5480.phpExploitThird Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5480.phpExploitThird Party Advisory

FAQ

What is CVE-2018-25147?

CVE-2018-25147 is a vulnerability with a CVSS score of 7.5 (HIGH). Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root...

How severe is CVE-2018-25147?

CVE-2018-25147 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-25147?

Check the references section above for vendor advisories and patch information. Affected products include: Microhardcorp Ipn4G Firmware, Microhardcorp Ipn4G, Microhardcorp Ipn3Gb Firmware, Microhardcorp Ipn3Gb, Microhardcorp Ipn4Gb Firmware.