← Back

Ipn4gii Firmware

ipn4gii_firmware

Vendor: Microhardcorp • 7 CVEs

CVEs (7)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-25149
1Microhardcorp
11Bullet 3g Firmware
Bullet Lte FirmwareBulletplus Firmware+8 more
Jan 26, 2026
Dec 24, 2025
5.1 MEDIUM· v4
6.5 MEDIUM· v3
N/A· v2
Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin pass...Show more
Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated users into loading a specially crafted page.Show less
CVE-2018-25148
1Microhardcorp
11Bullet 3g Firmware
Bullet Lte FirmwareBulletplus Firmware+8 more
Jan 21, 2026
Dec 24, 2025
8.7 HIGH· v4
8.8 HIGH· v3
N/A· v2
Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can expl...Show more
Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges, including starting services, disabling firewalls, and writing files to the system.Show less
CVE-2018-25147
1Microhardcorp
11Bullet 3g Firmware
Bullet Lte FirmwareBulletplus Firmware+8 more
Jan 26, 2026
Dec 24, 2025
9.3 CRITICAL· v4
7.5 HIGH· v3
N/A· v2
Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the...Show more
Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations.Show less
CVE-2018-25146
1Microhardcorp
11Bullet 3g Firmware
Bullet Lte FirmwareBulletplus Firmware+8 more
Feb 2, 2026
Dec 24, 2025
7.1 HIGH· v4
8.1 HIGH· v3
N/A· v2
Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes...Show more
Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidden feature, potentially causing service disruption and requiring device restart.Show less
CVE-2018-25145
1Microhardcorp
11Bullet 3g Firmware
Bullet Lte FirmwareBulletplus Firmware+8 more
Jan 26, 2026
Dec 24, 2025
7.1 HIGH· v4
6.5 MEDIUM· v3
N/A· v2
Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from m...Show more
Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/m_cli/', and '/tmp' to access system passwords and network settings.Show less
CVE-2018-25144
1Microhardcorp
11Bullet 3g Firmware
Bullet Lte FirmwareBulletplus Firmware+8 more
Feb 2, 2026
Dec 24, 2025
8.7 HIGH· v4
9.8 CRITICAL· v3
N/A· v2
Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit un...Show more
Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform unauthorized file system modifications through GET and POST requests.Show less
CVE-2018-25143
1Microhardcorp
11Bullet 3g Firmware
Bullet Lte FirmwareBulletplus Firmware+8 more
Jan 26, 2026
Dec 24, 2025
8.7 HIGH· v4
8.8 HIGH· v3
N/A· v2
Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP envi...Show more
Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root privileges.Show less