Cyber Posture

CVE-2018-25148

HighPublic PoC

Published: 24 December 2025

Published
24 December 2025
Modified
21 January 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0042 61.7th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges,…

more

including starting services, disabling firewalls, and writing files to the system.

Mitigating Controls (NIST 800-53 r5)AI

AC-6 Least Privilege good match
prevent

Directly counters CWE-266 incorrect privilege assignment by ensuring low-privilege authenticated users cannot execute root-level commands via admin interface flaws.

SI-2 Flaw Remediation good match
prevent

Remediates the specific authenticated RCE vulnerabilities by applying vendor patches or updates to eliminate crontab, startup script, and hidden feature exploits.

CM-7 Least Functionality good match
prevent

Limits the admin interface to least functionality, preventing exposure of unnecessary features that enable arbitrary command execution with root privileges.

Security SummaryAI

CVE-2018-25148 is a set of multiple authenticated remote code execution vulnerabilities in the admin interface of Microhard Systems IPn4G version 1.1.0. These flaws enable attackers to create crontab jobs, modify system startup scripts, and leverage hidden admin features to execute arbitrary commands with root privileges. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is linked to CWE-266 (Incorrect Privilege Assignment).

Attackers with low-privilege authenticated access to the admin interface can exploit these issues remotely over the network with low attack complexity and no user interaction required. Successful exploitation provides root-level access, allowing adversaries to start services, disable firewalls, write files to the system, and perform other arbitrary command execution, resulting in high impacts to confidentiality, integrity, and availability.

Advisories from Zero Science Labs (ZSL-2018-5479) detail the vulnerabilities, and a public proof-of-concept exploit is available on Exploit-DB (45038). The Microhard Systems website (microhardcorp.com) is referenced for potential additional vendor guidance.

Details

CWE(s)
CWE-266

Affected Products

microhardcorp
ipn4g firmware
1.1.0
microhardcorp
ipn3gb firmware
2.2.0
microhardcorp
ipn4gb firmware
1.1.0, 1.1.6
microhardcorp
bullet-3g firmware
1.2.0
microhardcorp
vip4gb firmware
1.1.6
microhardcorp
vip4gb wifi-n firmware
1.1.6
microhardcorp
bullet-lte firmware
1.2.0
microhardcorp
ipn3gii firmware
1.2.0
microhardcorp
ipn4gii firmware
1.2.0
microhardcorp
bulletplus firmware
1.3.0
+1 more product configuration(s) — see NVD for full list

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
T1053.003 Cron Execution
Adversaries may abuse the <code>cron</code> utility to perform task scheduling for initial or recurring execution of malicious code.
attack.mitre.org →
T1037.004 RC Scripts Persistence
Adversaries may establish persistence by modifying RC scripts, which are executed during a Unix-like system’s startup.
attack.mitre.org →
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
attack.mitre.org →
Why these techniques?

Vulnerability enables privilege escalation from low-priv to root (T1068), creation of crontab jobs (T1053.003), modification of system startup scripts like RC scripts (T1037.004), and arbitrary Unix shell command execution (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References