CVE-2018-25147

HIGH

Microhard Systems IPn4G 1.1.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25147. PoCs published by LiquidWorm.

AI-analyzed exploit summary This writeup discloses hard-coded default credentials in Microhard Systems' cellular gateways, allowing unauthorized root access. It lists multiple affected firmware versions and provides credential details for various accounts.

Description

Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations.

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textremotehardware

https://www.exploit-db.com/exploits/45040

View Code ZIP pw:eip

This writeup discloses hard-coded default credentials in Microhard Systems' cellular gateways, allowing unauthorized root access. It lists multiple affected firmware versions and provides credential details for various accounts.

Classification

Writeup 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Microhard Systems IPn4Gb, IPn3Gb, Bullet-3G, VIP4Gb, etc. (multiple versions)

No auth needed

Prerequisites: network access to the device

MITRE ATT&CK

T1078 - Valid Accounts T1110 - Brute Force

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit

https://www.exploit-db.com/exploits/45040

Product product

http://www.microhardcorp.com

Exploit, Third Party Advisory third-party-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5480.php

Scores

CVSS v3 7.5

EPSS 0.0033

EPSS Percentile 24.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-1392

Status published

Products (12)

microhardcorp/bullet-3g_firmware 1.2.0 reva_build1032 (2 CPE variants)

microhardcorp/bullet-lte_firmware 1.2.0 build1078

microhardcorp/bulletplus_firmware 1.3.0 build1036

microhardcorp/dragon-lte_firmware 1.1.0 build1036

microhardcorp/ipn3gb_firmware 2.2.0 build2160

microhardcorp/ipn3gii_firmware 1.2.0 build1076

microhardcorp/ipn4g_firmware 1.1.0 build1098

microhardcorp/ipn4gb_firmware 1.1.6 build1184-14

microhardcorp/ipn4gb_firmware 1.1.0 rev2_build1090-2 (2 CPE variants)

microhardcorp/ipn4gii_firmware 1.2.0 build1078

... and 2 more

Published Dec 24, 2025

Tracked Since Feb 18, 2026