← Back
2025-12-24 19:27CVE-2018-25144VulnCheck
PUBLISHED5.2CWE-22

Microhard Systems IPn4G 1.1.0 Arbitrary File Access via Undocumented System Editor

Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform unauthorized file system modifications through GET and POST requests.

Problem type

Affected products

Microhard Systems

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Arbitrary File Attacks

IPn4G 1.1.0 build 1098 - AFFECTED

References

ExploitDB-45037

https://www.exploit-db.com/exploits/45037

exploit
Microhard Systems Product Homepage

http://www.microhardcorp.com

product
Zero Science Lab Disclosure (ZSL-2018-5485)

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5485.php

third-party-advisory

GitHub Security Advisories

GHSA-gpch-6qpg-rp8g

Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden...

https://github.com/advisories/GHSA-gpch-6qpg-rp8g

Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform unauthorized file system modifications through GET and POST requests.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2018-25144

exploit-db.com

https://www.exploit-db.com/exploits/45037

zeroscience.mk

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5485.php

microhardcorp.com

http://www.microhardcorp.com

github.com

https://github.com/advisories/GHSA-gpch-6qpg-rp8g

JSON source

https://cveawg.mitre.org/api/cve/CVE-2018-25144
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2018-25144",
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "dateUpdated": "2025-12-24T20:25:41.747Z",
    "dateReserved": "2025-12-24T14:28:02.435Z",
    "datePublished": "2025-12-24T19:27:49.167Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck",
        "dateUpdated": "2025-12-24T19:27:49.167Z"
      },
      "datePublic": "2018-03-13T00:00:00.000Z",
      "title": "Microhard Systems IPn4G 1.1.0 Arbitrary File Access via Undocumented System Editor",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform unauthorized file system modifications through GET and POST requests."
        }
      ],
      "affected": [
        {
          "vendor": "Microhard Systems",
          "product": "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Arbitrary File Attacks",
          "versions": [
            {
              "version": "IPn4G 1.1.0 build 1098",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
              "cweId": "CWE-22",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.exploit-db.com/exploits/45037",
          "name": "ExploitDB-45037",
          "tags": [
            "exploit"
          ]
        },
        {
          "url": "http://www.microhardcorp.com",
          "name": "Microhard Systems Product Homepage",
          "tags": [
            "product"
          ]
        },
        {
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5485.php",
          "name": "Zero Science Lab Disclosure (ZSL-2018-5485)",
          "tags": [
            "third-party-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "format": "CVSS"
        },
        {
          "format": "CVSS",
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM"
          }
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab",
          "type": "finder"
        }
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2025-12-24T20:25:41.747Z"
        },
        "title": "CISA ADP Vulnrichment",
        "references": [
          {
            "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5485.php",
            "tags": [
              "exploit"
            ]
          }
        ],
        "metrics": [
          {}
        ]
      }
    ]
  }
}