CVE-2018-25147
HIGHDescription
Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations.
Is your site exposed to CVE-2018-25147?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| microhardcorp | ipn4g_firmware |
| microhardcorp | ipn4g |
| microhardcorp | ipn3gb_firmware |
| microhardcorp | ipn3gb |
| microhardcorp | ipn4gb_firmware |
| microhardcorp | ipn4gb |
| microhardcorp | ipn4gb_firmware |
| microhardcorp | ipn4gb |
| microhardcorp | ipn4gb_firmware |
| microhardcorp | ipn4gb |
| microhardcorp | bullet-3g_firmware |
| microhardcorp | bullet-3g |
| microhardcorp | vip4gb_firmware |
| microhardcorp | vip4gb |
| microhardcorp | vip4gb_firmware |
| microhardcorp | vip4gb |
| microhardcorp | vip4gb_wifi-n_firmware |
| microhardcorp | vip4gb_wifi-n |
| microhardcorp | bullet-3g_firmware |
| microhardcorp | bullet-3g |
| microhardcorp | bullet-lte_firmware |
| microhardcorp | bullet-lte |
| microhardcorp | ipn3gii_firmware |
| microhardcorp | ipn3gii |
| microhardcorp | ipn4gii_firmware |
| microhardcorp | ipn4gii |
| microhardcorp | bulletplus_firmware |
| microhardcorp | bulletplus |
| microhardcorp | dragon-lte_firmware |
| microhardcorp | dragon-lte |
References
Frequently Asked Questions
What is CVE-2018-25147? +
How severe is CVE-2018-25147? +
What products are affected by CVE-2018-25147? +
How do I check if I'm vulnerable to CVE-2018-25147? +
Related Vulnerabilities
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, might …
If misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface protected by authentication. If the default credentials are …
Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, create a WiFi network with …
A credential management flaw in Palo Alto Networks Cortex XDR® Broker VM causes different Broker VM images to share identical …
NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created …
Legacy Vivotek Device firmware uses default credetials for the root and user login accounts.