CVE-2018-25149
5.1
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: disclosure@vulncheck.com (Secondary)
Description
Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated users into loading a specially crafted page.
Affected (15)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1.0 build1098 |
| Running on/with | Platform Versions |
|---|---|
Microhardcorp Ipn4g | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.2.0 build2160 |
| Running on/with | Platform Versions |
|---|---|
Microhardcorp Ipn3gb | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1.6 build1184-14 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1.0 rev2_build1090-2 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1.0 rev2_build1086 |
| Running on/with | Platform Versions |
|---|---|
Microhardcorp Ipn4gb | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.2.0 reva_build1032 |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1.6 build_1204 |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1.6 rev3_build1184-14 |
| Running on/with | Platform Versions |
|---|---|
Microhardcorp Vip4gb | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1.6 rev2_build1196 |
| Running on/with | Platform Versions |
|---|---|
Microhardcorp Vip4gb Wifi N | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.2.0 build1076 |
| Running on/with | Platform Versions |
|---|---|
Microhardcorp Bullet 3g | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.2.0 build1078 |
| Running on/with | Platform Versions |
|---|---|
Microhardcorp Bullet Lte | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.2.0 build1076 |
| Running on/with | Platform Versions |
|---|---|
Microhardcorp Ipn3gii | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.2.0 build1078 |
| Running on/with | Platform Versions |
|---|---|
Microhardcorp Ipn4gii | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.3.0 build1036 |
| Running on/with | Platform Versions |
|---|---|
Microhardcorp Bulletplus | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1.0 build1036 |
| Running on/with | Platform Versions |
|---|---|
Microhardcorp Dragon Lte | All versions |
References (4)
Source: disclosure@vulncheck.com
ExploitThird Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
ExploitThird Party Advisory
Timeline
No history available yet.