CVE-2018-25144

High CVSS: 8.7

Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform unauthorized file system modifications through GET and POST requests.

Vendor

Microhardcorp

Product

Ipn4g Firmware

CWE

CWE-22

Yayın Tarihi

2025-12-24 20:15:48

Güncelleme

2026-02-02 16:16:12

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-22 Ipn4g Firmware HIGH Microhardcorp 2025

Referanslar

http://www.microhardcorp.com https://www.exploit-db.com/exploits/45037 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5485.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5485.php

Benzer Kayıtlar

High

CVE-2018-25146

Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and man…

Critical

CVE-2018-25147

Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway opera…

High

CVE-2018-25148

Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interfa…

Medium

CVE-2018-25149

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform admin…

High

CVE-2018-25143

Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SS…

High

CVE-2018-25145

Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers…