CVE-2018-25148 — HIGH (8.8)

Vulnerability Description

Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges, including starting services, disabling firewalls, and writing files to the system.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Microhardcorp	Ipn4G Firmware	1.1.0
Microhardcorp	Ipn4G	-
Microhardcorp	Ipn3Gb Firmware	2.2.0
Microhardcorp	Ipn3Gb	-
Microhardcorp	Ipn4Gb Firmware	1.1.6
Microhardcorp	Ipn4Gb	-
Microhardcorp	Bullet-3G Firmware	1.2.0
Microhardcorp	Bullet-3G	-
Microhardcorp	Vip4Gb Firmware	1.1.6
Microhardcorp	Vip4Gb	-
Microhardcorp	Vip4Gb Wifi-N Firmware	1.1.6
Microhardcorp	Vip4Gb Wifi-N	-
Microhardcorp	Bullet-Lte Firmware	1.2.0
Microhardcorp	Bullet-Lte	-
Microhardcorp	Ipn3Gii Firmware	1.2.0
Microhardcorp	Ipn3Gii	-
Microhardcorp	Ipn4Gii Firmware	1.2.0
Microhardcorp	Ipn4Gii	-
Microhardcorp	Bulletplus Firmware	1.3.0
Microhardcorp	Bulletplus	-

Related Weaknesses (CWE)

CWE-266

References

http://www.microhardcorp.comProduct
https://www.exploit-db.com/exploits/45038Exploit
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5479.phpExploitThird Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5479.phpExploitThird Party Advisory

FAQ

What is CVE-2018-25148?

CVE-2018-25148 is a vulnerability with a CVSS score of 8.8 (HIGH). Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts...

How severe is CVE-2018-25148?

CVE-2018-25148 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-25148?

Check the references section above for vendor advisories and patch information. Affected products include: Microhardcorp Ipn4G Firmware, Microhardcorp Ipn4G, Microhardcorp Ipn3Gb Firmware, Microhardcorp Ipn3Gb, Microhardcorp Ipn4Gb Firmware.