{"id": "CVE-2018-25143", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-12-24T20:15:48.590", "references": [{"url": "http://www.microhardcorp.com", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/45041", "tags": ["Exploit"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5486.php", "tags": ["Exploit", "Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5486.php", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root privileges."}], "lastModified": "2026-01-26T19:52:01.687", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microhardcorp:ipn4g_firmware:1.1.0:build1098:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3EFDC3E-8C6F-4418-9045-79D20D9E4EA1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:microhardcorp:ipn4g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "00615A52-B793-4A62-83B0-960F5FE2C7A4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microhardcorp:ipn3gb_firmware:2.2.0:build2160:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF5C7674-E51C-4E63-B71F-FE42E4418778"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:microhardcorp:ipn3gb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "52DB6EA5-3543-4883-B632-F23932C09587"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microhardcorp:ipn4gb_firmware:1.1.6:build1184-14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "101F7459-230B-4773-9338-908F9F90D469"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:microhardcorp:ipn4gb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "65C85AE1-505D-47A3-92BF-7D3276EF042D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microhardcorp:ipn4gb_firmware:1.1.0:rev2_build1090-2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C7B4335-4C17-4571-A427-C215D9E8B02E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:microhardcorp:ipn4gb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "65C85AE1-505D-47A3-92BF-7D3276EF042D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microhardcorp:ipn4gb_firmware:1.1.0:rev2_build1086:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0AD86CD-8021-45C7-8B74-30F80F3346C7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:microhardcorp:ipn4gb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "65C85AE1-505D-47A3-92BF-7D3276EF042D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microhardcorp:bullet-3g_firmware:1.2.0:reva_build1032:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E8C1691-7206-44F2-BD61-184ACA2E4971"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:microhardcorp:bullet-3g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "92F8F1C5-0DE9-46AC-9CBE-7E5E74EE51BD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microhardcorp:vip4gb_firmware:1.1.6:build_1204:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4E65D67-5004-4EB1-BF79-A26BA221D9E3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:microhardcorp:vip4gb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "779EEE4C-ADED-4391-8FA9-E8EF31342884"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microhardcorp:vip4gb_firmware:1.1.6:rev3_build1184-14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F556B3EE-36FD-48D7-985E-DBCF6BC23DEB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:microhardcorp:vip4gb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "779EEE4C-ADED-4391-8FA9-E8EF31342884"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microhardcorp:vip4gb_wifi-n_firmware:1.1.6:rev2_build1196:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D77E8DDD-8EDC-4FA6-8EB9-5F50F6CFAA52"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:microhardcorp:vip4gb_wifi-n:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DA3F52D0-BAAB-4757-967C-7AA47A71959A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microhardcorp:bullet-3g_firmware:1.2.0:build1076:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28D88F91-3D09-47B5-AB9B-92DBD97588AC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:microhardcorp:bullet-3g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "92F8F1C5-0DE9-46AC-9CBE-7E5E74EE51BD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microhardcorp:bullet-lte_firmware:1.2.0:build1078:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "792CB5BE-8406-49E5-B59A-8DC5150C24D9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:microhardcorp:bullet-lte:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C61D697C-C430-4E98-97F0-906F4481AB1F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microhardcorp:ipn3gii_firmware:1.2.0:build1076:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFE4899C-B65E-4B54-B93F-86D2C5B744DB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:microhardcorp:ipn3gii:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EBCC68A0-6438-41E7-931A-E5B2D0E969FB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microhardcorp:ipn4gii_firmware:1.2.0:build1078:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "014461D1-9373-47E6-B3E8-B9A21A2C87BE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:microhardcorp:ipn4gii:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3E0EC57B-519C-4CCF-B227-E58CE98E88E0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microhardcorp:bulletplus_firmware:1.3.0:build1036:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDF28BA1-AE2D-46E1-8295-1B00BA716184"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:microhardcorp:bulletplus:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8850D0E7-AE61-426B-AACC-42744FF3A68C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microhardcorp:dragon-lte_firmware:1.1.0:build1036:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46F6C7EF-1B4C-4D7A-9DAE-433C811A22C2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:microhardcorp:dragon-lte:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "33EEC533-B4B1-433D-B967-3951053273EC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "disclosure@vulncheck.com"}
