CVE-2018-25144

HIGH

Microhard Systems IPn4G 1.1.0 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25144. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit leverages an undocumented file editor script in Microhard Systems' cellular gateways to perform arbitrary file read, modification, and deletion via unsanitized GET/POST parameters. It demonstrates reading /etc/passwd, editing files (e.g., htpasswd), and deleting files through crafted requests.

Description

Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform unauthorized file system modifications through GET and POST requests.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/45037

View Code ZIP pw:eip

This exploit leverages an undocumented file editor script in Microhard Systems' cellular gateways to perform arbitrary file read, modification, and deletion via unsanitized GET/POST parameters. It demonstrates reading /etc/passwd, editing files (e.g., htpasswd), and deleting files through crafted requests.

Classification

Working Poc 95%

Attack Type

Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Microhard Systems IPn4Gb, IPn3Gb, VIP4Gb, Bullet-3G, Dragon-LTE (multiple versions)

Auth required

Prerequisites: Authenticated access to the web interface · Network access to the target device

MITRE ATT&CK

T1005 - Data from Local System T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit

https://www.exploit-db.com/exploits/45037

Product product

http://www.microhardcorp.com

Exploit, Third Party Advisory third-party-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5485.php

Scores

CVSS v3 8.4

EPSS 0.0042

EPSS Percentile 33.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-22

Status published

Products (12)

microhardcorp/bullet-3g_firmware 1.2.0 reva_build1032 (2 CPE variants)

microhardcorp/bullet-lte_firmware 1.2.0 build1078

microhardcorp/bulletplus_firmware 1.3.0 build1036

microhardcorp/dragon-lte_firmware 1.1.0 build1036

microhardcorp/ipn3gb_firmware 2.2.0 build2160

microhardcorp/ipn3gii_firmware 1.2.0 build1076

microhardcorp/ipn4g_firmware 1.1.0 build1098

microhardcorp/ipn4gb_firmware 1.1.6 build1184-14

microhardcorp/ipn4gb_firmware 1.1.0 rev2_build1090-2 (2 CPE variants)

microhardcorp/ipn4gii_firmware 1.2.0 build1078

... and 2 more

Published Dec 24, 2025

Tracked Since Feb 18, 2026