Lucene search
K

CVE-2018-25143

🗓️ 24 Dec 2025 19:27:48Reported by VulnCheckType 
cve
 cve
🔗 web.nvd.nist.gov👁 12 Views🌐 WEB

CVE-2018-25143 lets authenticated users enable a restricted SSH shell on Microhard IPn4G 1.1.0 and gain root via NcFTP.

Related
Detection
Affected
Refs
Paths
NVD
Vulners
Node
Node
Node
Node
microhardcorpipn4gb_firmwareMatch1.1.0rev2_build1090-2
AND
Node
microhardcorpipn4gb_firmwareMatch1.1.0rev2_build1086
AND
Node
Node
Node
microhardcorpvip4gb_firmwareMatch1.1.6rev3_build1184-14
AND
[
  {
    "vendor": "Microhard Systems",
    "product": "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Backdoor Jailbreak",
    "versions": [
      {
        "version": "IPn4G 1.1.0 build 1098",
        "status": "affected"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
servicequery paramcgi-bin/webif/system-services.sh?service=msshc&action=startEndpoint to enable the Microhard Sh service which can lead to enabling a restricted SSH shell with a default msshc user, enabling a path to command injection via the NcFTP environment.CWE-78
actionquery paramcgi-bin/webif/system-services.sh?service=msshc&action=startEndpoint to enable the Microhard Sh service which can lead to enabling a restricted SSH shell with a default msshc user, enabling a path to command injection via the NcFTP environment.CWE-78
servicequery paramcgi-bin/webif/system-services.sh?service=msshc&action=enableEndpoint to auto-enable the Microhard Sh service which can lead to enabling a restricted SSH shell with a default msshc user, enabling a path to command injection via the NcFTP environment.CWE-78
actionquery paramcgi-bin/webif/system-services.sh?service=msshc&action=enableEndpoint to auto-enable the Microhard Sh service which can lead to enabling a restricted SSH shell with a default msshc user, enabling a path to command injection via the NcFTP environment.CWE-78

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 01:54Current
7High risk
Vulners AI Score7
CVSS 48.7
CVSS 3.18.8
EPSS0.00516
SSVC
12