CVE-2018-25149

MEDIUM

Microhard Systems IPn4G 1.1.0 - CSRF

Title source: llm

Description

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated users into loading a specially crafted page.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · htmlwebappshardware

https://www.exploit-db.com/exploits/45034

View Code ZIP pw:eip

References (3)

[Product] http://www.microhardcorp.com

[Exploit] https://www.exploit-db.com/exploits/45034

[Exploit, Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5478.php

Scores

CVSS v3 6.5

EPSS 0.0001

EPSS Percentile 0.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Classification

CWE

CWE-352

Status published

Affected Products (15)

microhardcorp/ipn4g_firmware

microhardcorp/ipn3gb_firmware

microhardcorp/ipn4gb_firmware

microhardcorp/bullet-3g_firmware

microhardcorp/vip4gb_firmware

microhardcorp/vip4gb_wifi-n_firmware

microhardcorp/bullet-3g_firmware

microhardcorp/bullet-lte_firmware

microhardcorp/ipn3gii_firmware

microhardcorp/ipn4gii_firmware

microhardcorp/bulletplus_firmware

microhardcorp/dragon-lte_firmware

Timeline

Published Dec 24, 2025

Tracked Since Feb 18, 2026