CVE-2018-25149

Medium CVSS: 5.1

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated users into loading a specially crafted page.

Vendor

Microhardcorp

Product

Ipn4g Firmware

CWE

CWE-352

Yayın Tarihi

2025-12-24 20:15:49

Güncelleme

2026-01-26 16:15:53

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-352 Ipn4g Firmware MEDIUM Microhardcorp 2025

Referanslar

http://www.microhardcorp.com https://www.exploit-db.com/exploits/45034 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5478.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5478.php

Benzer Kayıtlar

High

CVE-2018-25146

Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and man…

Critical

CVE-2018-25147

Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway opera…

High

CVE-2018-25148

Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interfa…

High

CVE-2018-25143

Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SS…

High

CVE-2018-25144

Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that…

High

CVE-2018-25145

Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers…