CVE-2018-25148

HIGH

Microhard Systems IPn4G 1.1.0 - Authenticated RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25148. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates authenticated remote code execution (RCE) via hidden crontab and startup script modification features in Microhard Systems' cellular gateways. It leverages undocumented admin interface functionality to execute arbitrary commands as root.

Description

Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges, including starting services, disabling firewalls, and writing files to the system.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/45038

View Code ZIP pw:eip

This exploit demonstrates authenticated remote code execution (RCE) via hidden crontab and startup script modification features in Microhard Systems' cellular gateways. It leverages undocumented admin interface functionality to execute arbitrary commands as root.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Microhard Systems IPn4Gb, IPn3Gb, Bullet-3G, VIP4Gb, etc. (multiple versions)

Auth required

Prerequisites: Authenticated access to the admin interface · Network access to the target device

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1053 - Scheduled Task/Job

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit

https://www.exploit-db.com/exploits/45038

Product product

http://www.microhardcorp.com

Exploit, Third Party Advisory third-party-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5479.php

Scores

CVSS v3 8.8

EPSS 0.0067

EPSS Percentile 47.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-266

Status published

Products (12)

microhardcorp/bullet-3g_firmware 1.2.0 reva_build1032 (2 CPE variants)

microhardcorp/bullet-lte_firmware 1.2.0 build1078

microhardcorp/bulletplus_firmware 1.3.0 build1036

microhardcorp/dragon-lte_firmware 1.1.0 build1036

microhardcorp/ipn3gb_firmware 2.2.0 build2160

microhardcorp/ipn3gii_firmware 1.2.0 build1076

microhardcorp/ipn4g_firmware 1.1.0 build1098

microhardcorp/ipn4gb_firmware 1.1.6 build1184-14

microhardcorp/ipn4gb_firmware 1.1.0 rev2_build1090-2 (2 CPE variants)

microhardcorp/ipn4gii_firmware 1.2.0 build1078

... and 2 more

Published Dec 24, 2025

Tracked Since Feb 18, 2026