CVE-2018-25143

High CVSS: 8.7

Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root privileges.

Vendor

Microhardcorp

Product

Ipn4g Firmware

CWE

CWE-78

Yayın Tarihi

2025-12-24 20:15:48

Güncelleme

2026-01-26 19:52:01

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-78 Ipn4g Firmware HIGH Microhardcorp 2025

Referanslar

http://www.microhardcorp.com https://www.exploit-db.com/exploits/45041 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5486.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5486.php

Benzer Kayıtlar

High

CVE-2018-25146

Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and man…

Critical

CVE-2018-25147

Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway opera…

High

CVE-2018-25148

Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interfa…

Medium

CVE-2018-25149

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform admin…

High

CVE-2018-25144

Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that…

High

CVE-2018-25145

Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers…