ByteOS Network

NVD Vulnerability Details :

CVE-2018-25149

Modified

Source-disclosure@vulncheck.com

Published At-24 Dec, 2025 | 20:15

Updated At-26 Jan, 2026 | 16:15

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated users into loading a specially crafted page.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	5.1	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Type: Secondary

Version: 4.0

Base score: 5.1

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CPE Matches

microhardcorp>>ipn4g_firmware>>1.1.0

cpe:2.3:o:microhardcorp:ipn4g_firmware:1.1.0:build1098:*:*:*:*:*:*

microhardcorp>>ipn4g>>-

cpe:2.3:h:microhardcorp:ipn4g:-:*:*:*:*:*:*:*

microhardcorp>>ipn3gb_firmware>>2.2.0

cpe:2.3:o:microhardcorp:ipn3gb_firmware:2.2.0:build2160:*:*:*:*:*:*

microhardcorp>>ipn3gb>>-

cpe:2.3:h:microhardcorp:ipn3gb:-:*:*:*:*:*:*:*

microhardcorp>>ipn4gb_firmware>>1.1.6

cpe:2.3:o:microhardcorp:ipn4gb_firmware:1.1.6:build1184-14:*:*:*:*:*:*

microhardcorp>>ipn4gb>>-

cpe:2.3:h:microhardcorp:ipn4gb:-:*:*:*:*:*:*:*

microhardcorp>>ipn4gb_firmware>>1.1.0

cpe:2.3:o:microhardcorp:ipn4gb_firmware:1.1.0:rev2_build1090-2:*:*:*:*:*:*

microhardcorp>>ipn4gb>>-

cpe:2.3:h:microhardcorp:ipn4gb:-:*:*:*:*:*:*:*

microhardcorp>>ipn4gb_firmware>>1.1.0

cpe:2.3:o:microhardcorp:ipn4gb_firmware:1.1.0:rev2_build1086:*:*:*:*:*:*

microhardcorp>>ipn4gb>>-

cpe:2.3:h:microhardcorp:ipn4gb:-:*:*:*:*:*:*:*

microhardcorp>>bullet-3g_firmware>>1.2.0

cpe:2.3:o:microhardcorp:bullet-3g_firmware:1.2.0:reva_build1032:*:*:*:*:*:*

microhardcorp>>bullet-3g>>-

cpe:2.3:h:microhardcorp:bullet-3g:-:*:*:*:*:*:*:*

microhardcorp>>vip4gb_firmware>>1.1.6

cpe:2.3:o:microhardcorp:vip4gb_firmware:1.1.6:build_1204:*:*:*:*:*:*

microhardcorp>>vip4gb>>-

cpe:2.3:h:microhardcorp:vip4gb:-:*:*:*:*:*:*:*

microhardcorp>>vip4gb_firmware>>1.1.6

cpe:2.3:o:microhardcorp:vip4gb_firmware:1.1.6:rev3_build1184-14:*:*:*:*:*:*

microhardcorp>>vip4gb>>-

cpe:2.3:h:microhardcorp:vip4gb:-:*:*:*:*:*:*:*

microhardcorp>>vip4gb_wifi-n_firmware>>1.1.6

cpe:2.3:o:microhardcorp:vip4gb_wifi-n_firmware:1.1.6:rev2_build1196:*:*:*:*:*:*

microhardcorp>>vip4gb_wifi-n>>-

cpe:2.3:h:microhardcorp:vip4gb_wifi-n:-:*:*:*:*:*:*:*

microhardcorp>>bullet-3g_firmware>>1.2.0

cpe:2.3:o:microhardcorp:bullet-3g_firmware:1.2.0:build1076:*:*:*:*:*:*

microhardcorp>>bullet-3g>>-

cpe:2.3:h:microhardcorp:bullet-3g:-:*:*:*:*:*:*:*

microhardcorp>>bullet-lte_firmware>>1.2.0

cpe:2.3:o:microhardcorp:bullet-lte_firmware:1.2.0:build1078:*:*:*:*:*:*

microhardcorp>>bullet-lte>>-

cpe:2.3:h:microhardcorp:bullet-lte:-:*:*:*:*:*:*:*

microhardcorp>>ipn3gii_firmware>>1.2.0

cpe:2.3:o:microhardcorp:ipn3gii_firmware:1.2.0:build1076:*:*:*:*:*:*

microhardcorp>>ipn3gii>>-

cpe:2.3:h:microhardcorp:ipn3gii:-:*:*:*:*:*:*:*

microhardcorp>>ipn4gii_firmware>>1.2.0

cpe:2.3:o:microhardcorp:ipn4gii_firmware:1.2.0:build1078:*:*:*:*:*:*

microhardcorp>>ipn4gii>>-

cpe:2.3:h:microhardcorp:ipn4gii:-:*:*:*:*:*:*:*

microhardcorp>>bulletplus_firmware>>1.3.0

cpe:2.3:o:microhardcorp:bulletplus_firmware:1.3.0:build1036:*:*:*:*:*:*

microhardcorp>>bulletplus>>-

cpe:2.3:h:microhardcorp:bulletplus:-:*:*:*:*:*:*:*

microhardcorp>>dragon-lte_firmware>>1.1.0

cpe:2.3:o:microhardcorp:dragon-lte_firmware:1.1.0:build1036:*:*:*:*:*:*

microhardcorp>>dragon-lte>>-

cpe:2.3:h:microhardcorp:dragon-lte:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-352	Secondary	disclosure@vulncheck.com

CWE ID: CWE-352

Type: Secondary

Source: disclosure@vulncheck.com

References

Hyperlink	Source	Resource
http://www.microhardcorp.com	disclosure@vulncheck.com	Product
https://www.exploit-db.com/exploits/45034	disclosure@vulncheck.com	Exploit
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5478.php	disclosure@vulncheck.com	Exploit Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5478.php	134c704f-9b21-4f2e-91b3-4a467353bcc0	Exploit Third Party Advisory

Hyperlink: http://www.microhardcorp.com

Source: disclosure@vulncheck.com

Resource:

Product

Hyperlink: https://www.exploit-db.com/exploits/45034

Source: disclosure@vulncheck.com

Resource:

Exploit

Hyperlink: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5478.php

Source: disclosure@vulncheck.com

Resource:

Exploit

Third Party Advisory

Hyperlink: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5478.php

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Resource:

Exploit

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History