CVE-2018-25143 HIGH

CVE-2018-25143: Microhard Systems IPn4G 1.1.0 Backdoor Jailbreak via Microhard Sh Service

Vendor Microhard Systems

Product Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Backdoor Jailbreak

Weakness CWE-78

Published December 24, 2025

Last update December 24, 2025

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root privileges.

Key dates

02Disclosure timeline

December 24, 2025 CVE published

December 24, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-25143

Related vulnerabilities

Identifiers

CVE CVE-2018-25143

CWE CWE-78

CVSS 8.7 / HIGH

Affected versions