Cyber Posture

CVE-2018-25144

HighPublic PoC

Published: 24 December 2025

Published
24 December 2025
Modified
02 February 2026
KEV Added
Patch
CVSS Score 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0028 51.1th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Description

Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform unauthorized file system…

more

modifications through GET and POST requests.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly addresses unsanitized input parameters enabling path traversal by enforcing information input validation mechanisms at entry points.

CM-7 Least Functionality good match
prevent

Least functionality prohibits or restricts unnecessary hidden scripts like system-editor.sh, eliminating the vulnerable attack surface.

AC-3 Access Enforcement partial match
prevent

Enforces approved authorizations for logical access to files, mitigating unauthorized read, modify, or delete operations even in the presence of authentication bypass.

Security SummaryAI

CVE-2018-25144 is an authentication bypass vulnerability in Microhard Systems IPn4G version 1.1.0, affecting the hidden system-editor.sh script. The flaw stems from unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters, enabling path traversal (CWE-22) via GET and POST requests. This allows attackers to read, modify, or delete arbitrary files. The vulnerability carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Local attackers require no privileges or user interaction to exploit the issue with low attack complexity. Exploitation grants high-impact access to the file system, potentially allowing full read, write, and delete operations on arbitrary files, which could lead to complete device compromise.

Advisories and resources include the vendor site at http://www.microhardcorp.com, an exploit at https://www.exploit-db.com/exploits/45037, and a vulnerability report from Zero Science Labs at https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5485.php. Security practitioners should review these for patch availability and mitigation guidance.

Details

CWE(s)
CWE-22

Affected Products

microhardcorp
ipn4g firmware
1.1.0
microhardcorp
ipn3gb firmware
2.2.0
microhardcorp
ipn4gb firmware
1.1.0, 1.1.6
microhardcorp
bullet-3g firmware
1.2.0
microhardcorp
vip4gb firmware
1.1.6
microhardcorp
vip4gb wifi-n firmware
1.1.6
microhardcorp
bullet-lte firmware
1.2.0
microhardcorp
ipn3gii firmware
1.2.0
microhardcorp
ipn4gii firmware
1.2.0
microhardcorp
bulletplus firmware
1.3.0
+1 more product configuration(s) — see NVD for full list

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1003.008 /etc/passwd and /etc/shadow Credential Access
Adversaries may attempt to dump the contents of <code>/etc/passwd</code> and <code>/etc/shadow</code> to enable offline password cracking.
attack.mitre.org →
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
attack.mitre.org →
T1070.004 File Deletion Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.
attack.mitre.org →
Why these techniques?

Path traversal via unauthenticated web script enables public-facing app exploitation (T1190), Linux credential dumping from /etc/passwd/shadow (T1003.008), arbitrary local file reads for data collection (T1005), and arbitrary file deletion (T1070.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References