Vulnerability Details CVE-2018-25145
Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/m_cli/', and '/tmp' to access system passwords and network settings.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.9%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2018-25145
-
cpe:2.3:h:microhardcorp:bullet-3g:-
-
cpe:2.3:h:microhardcorp:bullet-lte:-
-
cpe:2.3:h:microhardcorp:bulletplus:-
-
cpe:2.3:h:microhardcorp:dragon-lte:-
-
cpe:2.3:h:microhardcorp:ipn3gb:-
-
cpe:2.3:h:microhardcorp:ipn3gii:-
-
cpe:2.3:h:microhardcorp:ipn4g:-
-
cpe:2.3:h:microhardcorp:ipn4gb:-
-
cpe:2.3:h:microhardcorp:ipn4gii:-
-
cpe:2.3:h:microhardcorp:vip4gb:-
-
cpe:2.3:h:microhardcorp:vip4gb_wifi-n:-
-
cpe:2.3:o:microhardcorp:bullet-3g_firmware:1.2.0
-
cpe:2.3:o:microhardcorp:bullet-lte_firmware:1.2.0
-
cpe:2.3:o:microhardcorp:bulletplus_firmware:1.3.0
-
cpe:2.3:o:microhardcorp:dragon-lte_firmware:1.1.0
-
cpe:2.3:o:microhardcorp:ipn3gb_firmware:2.2.0
-
cpe:2.3:o:microhardcorp:ipn3gii_firmware:1.2.0
-
cpe:2.3:o:microhardcorp:ipn4g_firmware:1.1.0
-
cpe:2.3:o:microhardcorp:ipn4gb_firmware:1.1.0
-
cpe:2.3:o:microhardcorp:ipn4gb_firmware:1.1.6
-
cpe:2.3:o:microhardcorp:ipn4gii_firmware:1.2.0
-
cpe:2.3:o:microhardcorp:vip4gb_firmware:1.1.6
-
cpe:2.3:o:microhardcorp:vip4gb_wifi-n_firmware:1.1.6