CVE-2018-25147 CRITICAL

CVE-2018-25147: Microhard Systems IPn4G 1.1.0 Default Credentials Authentication Bypass

Vendor Microhard Systems
Product Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Default Credentials
Weakness CWE-1392
Published December 24, 2025
Last update December 24, 2025

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations.

Key dates

02Disclosure timeline

December 24, 2025 CVE published
December 24, 2025 Record updated