CVE-2018-25149

EUVD-2025-205337
Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated users into loading a specially crafted page.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
VulnCheckCNA
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
microhardcorpipn4g_firmware
1.1.0:build1098
microhardcorpipn3gb_firmware
2.2.0:build2160
microhardcorpipn4gb_firmware
1.1.6:build1184-14
microhardcorpipn4gb_firmware
1.1.0:rev2_build1090-2
microhardcorpipn4gb_firmware
1.1.0:rev2_build1086
microhardcorpbullet-3g_firmware
1.2.0:reva_build1032
microhardcorpvip4gb_firmware
1.1.6:build_1204
microhardcorpvip4gb_firmware
1.1.6:rev3_build1184-14
microhardcorpvip4gb_wifi-n_firmware
1.1.6:rev2_build1196
microhardcorpbullet-3g_firmware
1.2.0:build1076
microhardcorpbullet-lte_firmware
1.2.0:build1078
microhardcorpipn3gii_firmware
1.2.0:build1076
microhardcorpipn4gii_firmware
1.2.0:build1078
microhardcorpbulletplus_firmware
1.3.0:build1036
microhardcorpdragon-lte_firmware
1.1.0:build1036
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.microhardcorp.com
https://www.exploit-db.com/exploits/45034
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5478.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5478.php