CVE-2018-25144 HIGH

CVE-2018-25144: Microhard Systems IPn4G 1.1.0 Arbitrary File Access via Undocumented System Editor

Vendor Microhard Systems
Product Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Arbitrary File Attacks
Weakness CWE-22 · Path traversal
Published December 24, 2025
Last update February 2, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform unauthorized file system modifications through GET and POST requests.

Key dates

02Disclosure timeline

December 24, 2025 CVE published
February 2, 2026 Record updated