CVE-2018-25144

HIGH

Microhard Systems IPn4G 1.1.0 - Auth Bypass

Title source: llm

Description

Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform unauthorized file system modifications through GET and POST requests.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/45037

View Code ZIP pw:eip

References (3)

Core 3

Core References

Exploit exploit

https://www.exploit-db.com/exploits/45037

Product product

http://www.microhardcorp.com

Exploit, Third Party Advisory third-party-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5485.php

Scores

CVSS v3 8.4

EPSS 0.0028

EPSS Percentile 51.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-22

Status published

Products (12)

microhardcorp/bullet-3g_firmware 1.2.0 reva_build1032 (2 CPE variants)

microhardcorp/bullet-lte_firmware 1.2.0 build1078

microhardcorp/bulletplus_firmware 1.3.0 build1036

microhardcorp/dragon-lte_firmware 1.1.0 build1036

microhardcorp/ipn3gb_firmware 2.2.0 build2160

microhardcorp/ipn3gii_firmware 1.2.0 build1076

microhardcorp/ipn4g_firmware 1.1.0 build1098

microhardcorp/ipn4gb_firmware 1.1.6 build1184-14

microhardcorp/ipn4gb_firmware 1.1.0 rev2_build1090-2 (2 CPE variants)

microhardcorp/ipn4gii_firmware 1.2.0 build1078

... and 2 more

Published Dec 24, 2025

Tracked Since Feb 18, 2026