CVE-2018-25145

Summary

Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/m_cli/', and '/tmp' to access system passwords and network settings.

Affected Software

VendorProductVersion RangeStatus
Microhard SystemsMicrohard Systems 3G/4G Cellular Ethernet and Serial Gateway Configuration DownloadIPn4G 1.1.0 build 1098affected

Weaknesses

  • CWE-552: Files or Directories Accessible to External Parties

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References