CVE-2018-25148 HIGH

CVE-2018-25148: Microhard Systems IPn4G 1.1.0 Remote Code Execution via Admin Interface

Vendor Microhard Systems
Product Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Remote Root Exploit
Weakness CWE-266
Published December 24, 2025
Last update December 24, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges, including starting services, disabling firewalls, and writing files to the system.

Key dates

02Disclosure timeline

December 24, 2025 CVE published
December 24, 2025 Record updated