1. Home
  2. CVE Database
  3. CVE-2018-25149
MEDIUM · 6.5

CVE-2018-25149

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages ...

Vulnerability Description

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated users into loading a specially crafted page.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
MicrohardcorpIpn4G Firmware1.1.0
MicrohardcorpIpn4G-
MicrohardcorpIpn3Gb Firmware2.2.0
MicrohardcorpIpn3Gb-
MicrohardcorpIpn4Gb Firmware1.1.6
MicrohardcorpIpn4Gb-
MicrohardcorpBullet-3G Firmware1.2.0
MicrohardcorpBullet-3G-
MicrohardcorpVip4Gb Firmware1.1.6
MicrohardcorpVip4Gb-
MicrohardcorpVip4Gb Wifi-N Firmware1.1.6
MicrohardcorpVip4Gb Wifi-N-
MicrohardcorpBullet-Lte Firmware1.2.0
MicrohardcorpBullet-Lte-
MicrohardcorpIpn3Gii Firmware1.2.0
MicrohardcorpIpn3Gii-
MicrohardcorpIpn4Gii Firmware1.2.0
MicrohardcorpIpn4Gii-
MicrohardcorpBulletplus Firmware1.3.0
MicrohardcorpBulletplus-

Related Weaknesses (CWE)

CWE-352

References

FAQ

What is CVE-2018-25149?

CVE-2018-25149 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages ...

How severe is CVE-2018-25149?

CVE-2018-25149 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-25149?

Check the references section above for vendor advisories and patch information. Affected products include: Microhardcorp Ipn4G Firmware, Microhardcorp Ipn4G, Microhardcorp Ipn3Gb Firmware, Microhardcorp Ipn3Gb, Microhardcorp Ipn4Gb Firmware.