CVE-2018-25149

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2018-25149
Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated users into loading a specially crafted page.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
http://www.microhardcorp.com Product
https://www.exploit-db.com/exploits/45034 Exploit
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5478.php Exploit Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5478.php Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:microhardcorp:ipn4g_firmware:1.1.0:build1098:*:*:*:*:*:*
cpe:2.3:h:microhardcorp:ipn4g:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:microhardcorp:ipn3gb_firmware:2.2.0:build2160:*:*:*:*:*:*
cpe:2.3:h:microhardcorp:ipn3gb:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:microhardcorp:ipn4gb_firmware:1.1.6:build1184-14:*:*:*:*:*:*
cpe:2.3:h:microhardcorp:ipn4gb:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:microhardcorp:ipn4gb_firmware:1.1.0:rev2_build1090-2:*:*:*:*:*:*
cpe:2.3:h:microhardcorp:ipn4gb:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:microhardcorp:ipn4gb_firmware:1.1.0:rev2_build1086:*:*:*:*:*:*
cpe:2.3:h:microhardcorp:ipn4gb:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:microhardcorp:bullet-3g_firmware:1.2.0:reva_build1032:*:*:*:*:*:*
cpe:2.3:h:microhardcorp:bullet-3g:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:microhardcorp:vip4gb_firmware:1.1.6:build_1204:*:*:*:*:*:*
cpe:2.3:h:microhardcorp:vip4gb:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:microhardcorp:vip4gb_firmware:1.1.6:rev3_build1184-14:*:*:*:*:*:*
cpe:2.3:h:microhardcorp:vip4gb:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:microhardcorp:vip4gb_wifi-n_firmware:1.1.6:rev2_build1196:*:*:*:*:*:*
cpe:2.3:h:microhardcorp:vip4gb_wifi-n:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:microhardcorp:bullet-3g_firmware:1.2.0:build1076:*:*:*:*:*:*
cpe:2.3:h:microhardcorp:bullet-3g:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:microhardcorp:bullet-lte_firmware:1.2.0:build1078:*:*:*:*:*:*
cpe:2.3:h:microhardcorp:bullet-lte:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:microhardcorp:ipn3gii_firmware:1.2.0:build1076:*:*:*:*:*:*
cpe:2.3:h:microhardcorp:ipn3gii:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:microhardcorp:ipn4gii_firmware:1.2.0:build1078:*:*:*:*:*:*
cpe:2.3:h:microhardcorp:ipn4gii:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:microhardcorp:bulletplus_firmware:1.3.0:build1036:*:*:*:*:*:*
cpe:2.3:h:microhardcorp:bulletplus:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:microhardcorp:dragon-lte_firmware:1.1.0:build1036:*:*:*:*:*:*
cpe:2.3:h:microhardcorp:dragon-lte:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2025-12-24 20:15

Updated : 2026-01-26 16:15

NVD link : CVE-2018-25149

Mitre link : CVE-2018-25149

CVE.ORG link : CVE-2018-25149

JSON object : View

Products Affected

microhardcorp

  • ipn3gb
  • vip4gb_firmware
  • ipn3gb_firmware
  • bullet-3g_firmware
  • ipn4gb
  • ipn4g
  • dragon-lte_firmware
  • ipn4gii_firmware
  • ipn4gb_firmware
  • ipn4g_firmware
  • bulletplus_firmware
  • bullet-3g
  • vip4gb
  • vip4gb_wifi-n_firmware
  • ipn3gii
  • bulletplus
  • ipn3gii_firmware
  • dragon-lte
  • ipn4gii
  • vip4gb_wifi-n
  • bullet-lte_firmware
  • bullet-lte
CWE
CWE-352

Cross-Site Request Forgery (CSRF)