CVE-2018-25146

Summary

Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidden feature, potentially causing service disruption and requiring device restart.

Affected Software

VendorProductVersion RangeStatus
Microhard SystemsMicrohard Systems 3G/4G Cellular Ethernet and Serial Gateway Service Control DoSIPn4G 1.1.0 build 1098affected

Weaknesses

  • CWE-863: Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References