17 matches found
Microhard IPn4G Cellular Gateways Cross-Site Request Forgery (CVE-2018-25149)
Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated...
Microhard IPn4G Cellular Gateways Incorrect Authorization (CVE-2018-25146)
Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidden feature, potentially causing service...
Microhard IPn4G Cellular Gateways Path Traversal (CVE-2018-25144)
Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform...
CVE-2018-25147
Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations...
CVE-2018-25143
Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root...
CVE-2018-25143
Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root...
CVE-2018-25145
Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/mcli/', and '/tmp' to access syst...
CVE-2018-25149 Microhard Systems IPn4G 1.1.0 Cross-Site Request Forgery via Web Interface
Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated...
CVE-2018-25149 Microhard Systems IPn4G 1.1.0 Cross-Site Request Forgery via Web Interface
Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated...
CVE-2018-25149
CVE-2018-25149 affects Microhard Systems IPn4G 1.1.0. The vulnerability is a cross-site request forgery (CSRF) in the device’s web interface that allows an attacker to induce administrative actions without user consent by tricking an authenticated user into loading a malicious page. Documented im...
CVE-2018-25147
CVE-2018-25147 concerns Microhard Systems IPn4G 1.1.0. The vulnerability arises from hardcoded default credentials that cannot be changed via normal gateway operations. Exploitation would allow an attacker to gain unauthorized root-level access by logging in with predefined username/password comb...
CVE-2018-25145
The CVE concerns Microhard Systems IPn4G 1.1.0, where an authenticated user can download sensitive configuration files via a configuration-disclosure vulnerability. Affected component is the device’s configuration storage accessible from multiple directories including '/www', '/etc/m_cli/', and '...
CVE-2018-25144 Microhard Systems IPn4G 1.1.0 Arbitrary File Access via Undocumented System Editor
Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform...
CVE-2018-25143 Microhard Systems IPn4G 1.1.0 Backdoor Jailbreak via Microhard Sh Service
Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root...
CVE-2018-25143 Microhard Systems IPn4G 1.1.0 Backdoor Jailbreak via Microhard Sh Service
Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root...
Microhard Systems IPn4G 安全漏洞
Microhard Systems IPn4G is a cellular wireless gateway from Microhard Canada. A security vulnerability exists in Microhard Systems IPn4G version 1.1.0, which originates from the presence of a hidden function that can manipulate system processes, potentially resulting in a service interruption...
Microhard Systems IPn4G 安全漏洞
Microhard Systems IPn4G is a cellular wireless gateway from Microhard Canada. A security vulnerability exists in Microhard Systems IPn4G version 1.1.0 that stems from susceptibility to cross-site request forgery attacks and could lead to the execution of administrative actions...