CVE-2025-35007
BaseFortify
Publication date: 2025-06-08
Last updated on: 2026-01-12
Assigner: Austin Hackers Anonymous
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microhardcorp | ipn4gii-na2_firmware | to 1.2.0-r1132 (inc) |
| microhardcorp | ipn4gii-na2 | * |
| microhardcorp | bulletlte-na2_firmware | to 1.2.0-r1132 (inc) |
| microhardcorp | bulletlte-na2 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-88 | The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects products using the Microhard BulletLTE-NA2 and IPn4Gii-NA2 devices. It is a post-authentication command injection issue in the AT+MFRULE command, which allows an attacker with some level of access to inject malicious commands. This can lead to privilege escalation, meaning the attacker can gain higher-level control than intended. It is classified as CWE-88, which involves improper neutralization of argument delimiters in commands, also known as argument injection.
How can this vulnerability impact me? :
The vulnerability can allow an attacker who has some authenticated access to the device to execute arbitrary commands with elevated privileges. This can compromise the confidentiality and integrity of the device, potentially allowing unauthorized control or manipulation of the system. The CVSS score indicates high impact on confidentiality and integrity but no impact on availability.