CVE-2018-25148
8.7
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow more
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: disclosure@vulncheck.com (Secondary)
Description
Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges, including starting services, disabling firewalls, and writing files to the system.
Affected (15)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1.0 build1098 |
| Running on/with | Platform Versions |
|---|---|
Microhardcorp Ipn4g | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.2.0 build2160 |
| Running on/with | Platform Versions |
|---|---|
Microhardcorp Ipn3gb | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1.6 build1184-14 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1.0 rev2_build1090-2 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1.0 rev2_build1086 |
| Running on/with | Platform Versions |
|---|---|
Microhardcorp Ipn4gb | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.2.0 reva_build1032 |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1.6 build_1204 |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1.6 rev3_build1184-14 |
| Running on/with | Platform Versions |
|---|---|
Microhardcorp Vip4gb | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1.6 rev2_build1196 |
| Running on/with | Platform Versions |
|---|---|
Microhardcorp Vip4gb Wifi N | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.2.0 build1076 |
| Running on/with | Platform Versions |
|---|---|
Microhardcorp Bullet 3g | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.2.0 build1078 |
| Running on/with | Platform Versions |
|---|---|
Microhardcorp Bullet Lte | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.2.0 build1076 |
| Running on/with | Platform Versions |
|---|---|
Microhardcorp Ipn3gii | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.2.0 build1078 |
| Running on/with | Platform Versions |
|---|---|
Microhardcorp Ipn4gii | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.3.0 build1036 |
| Running on/with | Platform Versions |
|---|---|
Microhardcorp Bulletplus | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1.0 build1036 |
| Running on/with | Platform Versions |
|---|---|
Microhardcorp Dragon Lte | All versions |
References (4)
Source: disclosure@vulncheck.com
ExploitThird Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
ExploitThird Party Advisory
Timeline
No history available yet.