← Back

CVE-2018-25147

nvd nist
Published: Dec 24, 2025Modified: Jan 26, 2026

JSON object

Loading...
9.3
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: disclosure@vulncheck.com (Secondary)

Description

Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations.

Affected (15)

Microhardcorp
11 products
Ipn4g Firmware
Ipn3gb Firmware
Ipn4gb Firmware
Bullet 3g Firmware
Vip4gb Firmware
Vip4gb Wifi N Firmware
Bullet Lte Firmware
Ipn3gii Firmware
Ipn4gii Firmware
Bulletplus Firmware
Dragon Lte Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ipn4g Firmware
Version 1.1.0 build1098
Running on/withPlatform Versions
Microhardcorp
Ipn4g
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ipn3gb Firmware
Version 2.2.0 build2160
Running on/withPlatform Versions
Microhardcorp
Ipn3gb
All versions
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Ipn4gb Firmware
Version 1.1.6 build1184-14
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Ipn4gb Firmware
Version 1.1.0 rev2_build1090-2
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ipn4gb Firmware
Version 1.1.0 rev2_build1086
Running on/withPlatform Versions
Microhardcorp
Ipn4gb
All versions
Configuration F
1 vulnerable
Vulnerable SoftwareAffected Versions
Bullet 3g Firmware
Version 1.2.0 reva_build1032
Configuration G
1 vulnerable
Vulnerable SoftwareAffected Versions
Vip4gb Firmware
Version 1.1.6 build_1204
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vip4gb Firmware
Version 1.1.6 rev3_build1184-14
Running on/withPlatform Versions
Microhardcorp
Vip4gb
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vip4gb Wifi N Firmware
Version 1.1.6 rev2_build1196
Running on/withPlatform Versions
Microhardcorp
Vip4gb Wifi N
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Bullet 3g Firmware
Version 1.2.0 build1076
Running on/withPlatform Versions
Microhardcorp
Bullet 3g
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Bullet Lte Firmware
Version 1.2.0 build1078
Running on/withPlatform Versions
Microhardcorp
Bullet Lte
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ipn3gii Firmware
Version 1.2.0 build1076
Running on/withPlatform Versions
Microhardcorp
Ipn3gii
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ipn4gii Firmware
Version 1.2.0 build1078
Running on/withPlatform Versions
Microhardcorp
Ipn4gii
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Bulletplus Firmware
Version 1.3.0 build1036
Running on/withPlatform Versions
Microhardcorp
Bulletplus
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dragon Lte Firmware
Version 1.1.0 build1036
Running on/withPlatform Versions
Microhardcorp
Dragon Lte
All versions

Related CWEs

CWE-1392
Use of Default Credentials
The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

References (4)

Source: disclosure@vulncheck.com
Product
Source: disclosure@vulncheck.com
Exploit
Source: disclosure@vulncheck.com
ExploitThird Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
ExploitThird Party Advisory

Timeline

No history available yet.