CVE-2018-25149
CSRF Vulnerability in Microhard IPn4G 1.1.0 Enables Admin Takeover
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microhard_systems | ipn4g | 1.1.0 |
| microhard_systems | ipn4g | * |
| microhard_systems | ipn4gb | * |
| microhard_systems | vip4gb | * |
| microhard_systems | dragon-lte | * |
| microhard_systems | bullet-3g | * |
| microhard_systems | vip4g-wifi-n | * |
| microhard_systems | ipn3gii | * |
| microhard_systems | bullet-lte | * |
| microhard_systems | bulletplus | * |
| microhard_systems | vip4g | * |
| microhard_systems | ipn3gb | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not explicitly discuss the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA. However, since the vulnerability allows attackers to perform unauthorized administrative actions, including changing admin passwords and adding users without consent, it could potentially lead to unauthorized access and control over sensitive data or systems. This unauthorized access could result in non-compliance with regulations that require strict access controls and protection of sensitive information. Nevertheless, no direct statements about compliance impact are available in the provided text. [1, 2]
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) affecting Microhard Systems IPn4G 1.1.0 devices. It allows attackers to trick authenticated users into loading malicious web pages that send unauthorized HTTP requests to the device's web interface. Because the device does not validate the authenticity of these requests, attackers can perform administrative actions such as changing admin passwords, adding new users, and modifying system settings without the user's consent. [1, 2]
How can this vulnerability impact me? :
The vulnerability can allow remote attackers to gain unauthorized administrative control over the affected Microhard Systems IPn4G device. This means attackers can change administrator passwords, add new administrative users, and alter system configurations without permission. Such unauthorized access can compromise the security and operation of the device, potentially disrupting critical wireless communication services and exposing sensitive network infrastructure. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized or suspicious HTTP POST requests to the device's web interface endpoints, such as /cgi-bin/webif/system-acl.sh, which perform administrative actions without proper CSRF tokens or validation. You can use network traffic analysis tools like tcpdump or Wireshark to capture HTTP requests to the device's IP address and inspect for unexpected POST requests that change admin settings. Additionally, reviewing web server logs on the device for POST requests that change passwords or add users without corresponding legitimate user actions can help detect exploitation attempts. Example commands include: 1) tcpdump -i <interface> host <device_ip> and port 80 or 443 -w capture.pcap 2) grep POST /var/log/httpd/access.log (or equivalent) on the device to find suspicious POST requests. Since the exploit uses crafted HTTP POST forms targeting specific endpoints, detecting such requests can indicate exploitation attempts. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the device's web interface to trusted networks or IP addresses using firewall rules or IP/MAC access control lists, as the device supports these security features. Disable remote web administration if not needed. Educate users to avoid visiting untrusted or malicious websites while authenticated to the device. If possible, update the device firmware to a version that addresses the CSRF vulnerability, although no vendor response or patch was noted. As a workaround, implement network-level protections such as VPNs or IPsec tunnels to limit exposure. Monitoring and alerting on suspicious administrative HTTP requests can also help mitigate risk. [1, 2]