CVE-2025-35010
BaseFortify
Publication date: 2025-06-08
Last updated on: 2026-01-12
Assigner: Austin Hackers Anonymous
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microhardcorp | ipn4gii-na2_firmware | to 1.2.0-r1132 (inc) |
| microhardcorp | ipn4gii-na2 | * |
| microhardcorp | bulletlte-na2_firmware | to 1.2.0-r1132 (inc) |
| microhardcorp | bulletlte-na2 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-88 | The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects products using the Microhard BulletLTE-NA2 and IPn4Gii-NA2 devices. It is a post-authentication command injection issue in the AT+MNPINGTM command, which allows an attacker with some level of access to inject malicious commands. This can lead to privilege escalation, meaning the attacker can gain higher-level permissions than intended. It is classified as CWE-88, which involves improper neutralization of argument delimiters in commands, also known as argument injection.
How can this vulnerability impact me? :
The vulnerability can allow an attacker who has some level of authenticated access to execute arbitrary commands on the affected device, leading to privilege escalation. This means the attacker could gain higher privileges, potentially compromising the confidentiality and integrity of the system. The CVSS score indicates high impact on confidentiality and integrity, though availability is not affected.