Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidden feature, potentially causing service disruption and requiring device restart.
PUBLISHED5.2CWE-863
Microhard Systems IPn4G 1.1.0 Service Control Denial of Service
Problem type
Affected products
Microhard Systems
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Service Control DoS
IPn4G 1.1.0 build 1098 - AFFECTED
References
ExploitDB-45035
https://www.exploit-db.com/exploits/45035
Microhard Systems Product Web Page
http://www.microhardcorp.com
Zero Science Lab Disclosure (ZSL-2018-5481)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5481.php
GitHub Security Advisories
GHSA-9wqg-38fc-34m9
Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated...
https://github.com/advisories/GHSA-9wqg-38fc-34m9Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidden feature, potentially causing service disruption and requiring device restart.
JSON source
https://cveawg.mitre.org/api/cve/CVE-2018-25146Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2018-25146",
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"dateUpdated": "2025-12-24T20:25:28.526Z",
"dateReserved": "2025-12-24T14:28:02.435Z",
"datePublished": "2025-12-24T19:27:50.006Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck",
"dateUpdated": "2025-12-24T19:27:50.006Z"
},
"datePublic": "2018-03-13T00:00:00.000Z",
"title": "Microhard Systems IPn4G 1.1.0 Service Control Denial of Service",
"descriptions": [
{
"lang": "en",
"value": "Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidden feature, potentially causing service disruption and requiring device restart."
}
],
"affected": [
{
"vendor": "Microhard Systems",
"product": "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Service Control DoS",
"versions": [
{
"version": "IPn4G 1.1.0 build 1098",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Incorrect Authorization",
"cweId": "CWE-863",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.exploit-db.com/exploits/45035",
"name": "ExploitDB-45035",
"tags": [
"exploit"
]
},
{
"url": "http://www.microhardcorp.com",
"name": "Microhard Systems Product Web Page",
"tags": [
"product"
]
},
{
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5481.php",
"name": "Zero Science Lab Disclosure (ZSL-2018-5481)",
"tags": [
"third-party-advisory"
]
}
],
"metrics": [
{
"format": "CVSS"
},
{
"format": "CVSS",
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
}
],
"credits": [
{
"lang": "en",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab",
"type": "finder"
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-12-24T20:25:28.526Z"
},
"title": "CISA ADP Vulnrichment",
"references": [
{
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5481.php",
"tags": [
"exploit"
]
}
],
"metrics": [
{}
]
}
]
}
}