Cyber Resilience

CVE-2018-25144

HighPublic PoC

Published: 24 December 2025

Published
24 December 2025
Modified
02 February 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0042 33.4th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2018-25144 is a high-severity Path Traversal (CWE-22) vulnerability in Microhardcorp Ipn4Gb Firmware. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 33.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2018-25144 is an authentication bypass vulnerability in Microhard Systems IPn4G version 1.1.0, affecting the hidden system-editor.sh script. The flaw stems from unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters, enabling path traversal (CWE-22) via GET and POST requests. This allows attackers to read, modify, or delete arbitrary files. The vulnerability carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Local attackers require no privileges or user interaction to exploit the issue with low attack complexity. Exploitation grants high-impact access to the file system, potentially allowing full read, write, and delete operations on arbitrary files, which could lead to complete device compromise.

Advisories and resources include the vendor site at http://www.microhardcorp.com, an exploit at https://www.exploit-db.com/exploits/45037, and a vulnerability report from Zero Science Labs at https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5485.php. Security practitioners should review these for patch availability and mitigation guidance.

EU & UK References

Vulnerability details

Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform unauthorized file system…

more

modifications through GET and POST requests.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1003.008 /etc/passwd and /etc/shadow Credential Access
Adversaries may attempt to dump the contents of <code>/etc/passwd</code> and <code>/etc/shadow</code> to enable offline password cracking.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1070.004 File Deletion Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.
Why these techniques?

Path traversal via unauthenticated web script enables public-facing app exploitation (T1190), Linux credential dumping from /etc/passwd/shadow (T1003.008), arbitrary local file reads for data collection (T1005), and arbitrary file deletion (T1070.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2018-25148Same product: Microhardcorp Bullet-3G
CVE-2018-25143Same product: Microhardcorp Bullet-3G
CVE-2026-33493Shared CWE-22
CVE-2025-70084Shared CWE-22
CVE-2026-33686Shared CWE-22
CVE-2025-30005Shared CWE-22
CVE-2026-25069Shared CWE-22
CVE-2026-3464Shared CWE-22
CVE-2024-54291Shared CWE-22
CVE-2025-9801Shared CWE-22

Affected Assets

microhardcorp
ipn4g firmware
1.1.0
microhardcorp
ipn3gb firmware
2.2.0
microhardcorp
ipn4gb firmware
1.1.0, 1.1.6
microhardcorp
bullet-3g firmware
1.2.0
microhardcorp
vip4gb firmware
1.1.6
microhardcorp
vip4gb wifi-n firmware
1.1.6
microhardcorp
bullet-lte firmware
1.2.0
microhardcorp
ipn3gii firmware
1.2.0
microhardcorp
ipn4gii firmware
1.2.0
microhardcorp
bulletplus firmware
1.3.0
+1 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses unsanitized input parameters enabling path traversal by enforcing information input validation mechanisms at entry points.

prevent

Least functionality prohibits or restricts unnecessary hidden scripts like system-editor.sh, eliminating the vulnerable attack surface.

prevent

Enforces approved authorizations for logical access to files, mitigating unauthorized read, modify, or delete operations even in the presence of authentication bypass.

References