CVE-2018-25144

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.5 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N                                    

Vulnerability Description

Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform unauthorized file system modifications through GET and POST requests.

Vulnerability Details

Published Date

December 24, 2025

Last Modified

December 29, 2025

CWE ID

CWE-22

Source

NVD

External References

http://www.microhardcorp.com
https://www.exploit-db.com/exploits/45037
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5485.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5485.php

CVE-2018-25144

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment