21 matches found
CVE-2020-17406
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the ping parameter provided to tools.sh. The issu...
CVE-2025-35010 Microhard Bullet-LTE and IPn4Gii AT+MNPINGTM Argument Injection
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNPINGTM command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command...
CVE-2025-35009 Microhard Bullet-LTE and IPn4Gii AT+MNNETSP Argument Injection
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNNETSP command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command...
CVE-2025-35009 Microhard Bullet-LTE and IPn4Gii AT+MNNETSP Argument Injection
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNNETSP command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command...
CVE-2025-35008 Microhard Bullet-LTE and IPn4Gii AT+MMNAME Argument Injection
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MMNAME command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argume...
CVE-2025-35007 Microhard Bullet-LTE and IPn4Gii AT+MFRULE Argument Injection
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFRULE command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argume...
CVE-2025-35005 Microhard Bullet-LTE and IPn4Gii AT+MFMAC Argument Injection
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFMAC command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argumen...
CVE-2025-35005 Microhard Bullet-LTE and IPn4Gii AT+MFMAC Argument Injection
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFMAC command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argumen...
CVE-2025-35004 Microhard Bullet-LTE and IPn4Gii AT+MFIP Argument Injection
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFIP command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument...
Microhard (CVE-2020-17407)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of authentication headers. The issue results fro...
Microhard Bullet-LTE Improper Neutralization of Special Elements used in an OS Command (CVE-2020-17406)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the ping parameter provided to tools.sh. The issu...
CVE-2020-17407
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of authentication headers. The issue results fro...
CVE-2020-17406
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the ping parameter provided to tools.sh. The issu...
CVE-2020-17407
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of authentication headers. The issue results fro...
CVE-2020-17407
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of authentication headers. The issue results fro...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the ping parameter provided to tools.sh. The issu...
CVE-2020-17407
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of authentication headers. The issue results fro...
CVE-2020-17406
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the ping parameter provided to tools.sh. The issu...
CVE-2020-17407
Affected product: Microhard Bullet-LTE (firmware prior to v1.2.0-r1112). Vulnerability summary: A stack-based buffer overflow in the handling of the Basic/authentication headers allows remote attackers to execute arbitrary code with root privileges. The flaw arises from insufficient validation of...
CVE-2020-17406
CVE-2020-17406 affects Microhard Bullet-LTE prior to v1.2.0-r1112. The issue is in the handling of the ping parameter in tools.sh, stemming from improper validation of a user-supplied string before it is used in a system call. This allows an attacker with authentication to execute arbitrary code ...