CVE-2025-35006
BaseFortify
Publication date: 2025-06-08
Last updated on: 2026-01-12
Assigner: Austin Hackers Anonymous
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microhardcorp | ipn4gii-na2_firmware | to 1.2.0-r1132 (inc) |
| microhardcorp | ipn4gii-na2 | * |
| microhardcorp | bulletlte-na2_firmware | to 1.2.0-r1132 (inc) |
| microhardcorp | bulletlte-na2 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-88 | The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects products incorporating the Microhard BulletLTE-NA2 and IPn4Gii-NA2. It is a post-authentication command injection issue in the AT+MFPORTFWD command, which can allow an attacker with limited privileges to execute arbitrary commands, leading to privilege escalation. It is classified as CWE-88, which involves improper neutralization of argument delimiters in a command, also known as argument injection.
How can this vulnerability impact me? :
The vulnerability can lead to privilege escalation, meaning an attacker who has some level of access can execute commands with higher privileges than intended. This can compromise the confidentiality and integrity of the affected system, potentially allowing unauthorized control or manipulation of the device.