CVE-2018-25148

High CVSS: 8.7

Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges, including starting services, disabling firewalls, and writing files to the system.

Vendor

Microhardcorp

Product

Ipn4g Firmware

CWE

CWE-266

Yayın Tarihi

2025-12-24 20:15:49

Güncelleme

2026-01-21 20:00:58

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-266 Ipn4g Firmware HIGH Microhardcorp 2025

Referanslar

http://www.microhardcorp.com https://www.exploit-db.com/exploits/45038 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5479.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5479.php

Benzer Kayıtlar

High

CVE-2018-25146

Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and man…

Critical

CVE-2018-25147

Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway opera…

Medium

CVE-2018-25149

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform admin…

High

CVE-2018-25143

Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SS…

High

CVE-2018-25144

Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that…

High

CVE-2018-25145

Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers…