CVE-2018-25148

moderate-risk
Published 2025-12-24

Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges, including starting services, disabling firewalls, and writing files to the system.

Do I need to act?

-
0.32% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (15)

Ipn4G Firmware
Ipn3Gb Firmware
Ipn4Gb Firmware
Ipn4Gb Firmware
Ipn4Gb Firmware
Bullet-3G Firmware
Vip4Gb Firmware
Vip4Gb Firmware
Vip4Gb Wifi-N Firmware
Bullet-3G Firmware
Ipn3Gii Firmware
Ipn4Gii Firmware
Bulletplus Firmware
Dragon-Lte Firmware

Affected Vendors

Microhardcorp

References (4)

Product http://www.microhardcorp.com
Exploit https://www.exploit-db.com/exploits/45038
Exploit https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5479.php
Exploit https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5479.php
49
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 1/34 · Minimal
Exposure 18/34 · Moderate