CVE-2018-25148
Unknown Unknown - Not Provided
Authenticated Remote Code Execution in Microhard IPn4G Admin Interface

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: VulnCheck

Description
Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges, including starting services, disabling firewalls, and writing files to the system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-14
NVD
CVE-2018-25148
EUVD
EUVD-2025-205329
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
microhard_systems ipn4g 1.1.0
microhard_systems ipn3gb 2.2.0
microhard_systems vip4gb 1.1.6
microhard_systems dragon-lte 1.1.0
microhard_systems bullet-3g 1.2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects Microhard Systems IPn4G and related 3G/4G Cellular Ethernet and Serial Gateway devices. It involves multiple authenticated remote code execution flaws in the administrative interface, where attackers who have valid credentials can exploit hidden and undocumented features to create or modify crontab jobs and system startup scripts. This allows them to execute arbitrary commands with root privileges, effectively gaining full control over the device remotely. [1, 2]

Impact Analysis

If exploited, this vulnerability allows an attacker with authenticated access to execute arbitrary commands as the root user on the affected device. This can lead to a complete compromise of the device, including starting unauthorized services, disabling firewalls, writing files to the system, and potentially taking full control of the device and its network communications. [1, 2]

Detection Guidance

Detection can involve checking for unauthorized or suspicious crontab entries and modifications to system startup scripts on the affected devices. For example, you can inspect crontab jobs by running commands like `crontab -l` or checking system-wide crontabs in `/etc/crontab` and `/etc/cron.*` directories. Additionally, reviewing the contents of system startup scripts such as `/etc/init.d/firewall` or other startup files for unexpected changes can help. Monitoring web server logs for POST requests to endpoints like `/cgi-bin/webif/system-crontabs.sh` or `/cgi-bin/webif/system-startup.sh` may reveal exploitation attempts. Specific commands to detect suspicious activity include: `crontab -l`, `cat /etc/crontab`, `grep -r 'pwn.txt' /www/`, and reviewing web server access logs for POST requests to the mentioned CGI scripts. [2]

Mitigation Strategies

Immediate mitigation steps include restricting authenticated access to the administrative interface to trusted users only, applying network-level access controls such as firewall rules to limit access to the device management interfaces, and monitoring for suspicious activity such as unauthorized crontab entries or startup script modifications. If possible, update the device firmware to a version that addresses these vulnerabilities. If no patch is available, consider disabling or restricting the vulnerable administrative web interface features. Additionally, changing default credentials and enforcing strong authentication can reduce the risk of exploitation. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25148. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart