cbcvebase.

Microhardcorp Bullet-Lte Firmware vulnerabilities

9 known vulnerabilities affecting microhardcorp/bullet-lte_firmware.

Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH5MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2020-17407P2CRITICALCVSS 9.8fixed in 1.2.0-r11122020-10-13
CVE-2020-17407 [CRITICAL] CWE-121 CVE-2020-17407: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mi This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of authentication headers. The issue results from the lack of proper validation of the length of use
nvd
CVE-2020-17406P2HIGHCVSS 8.8fixed in 1.2.0-r11122020-10-13
CVE-2020-17406 [HIGH] CWE-78 CVE-2020-17406: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mi This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the ping parameter provided to tools.sh. The issue results from the lack of proper validation of a user-su
nvd
CVE-2018-25148P2HIGHCVSS 8.8v1.2.02025-12-24
CVE-2018-25148 [HIGH] CWE-266 CVE-2018-25148: Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges, including starting services, disabling firewalls, and wr
nvd
CVE-2018-25144P2CRITICALCVSS 9.8v1.2.02025-12-24
CVE-2018-25144 [CRITICAL] CWE-22 CVE-2018-25144: Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-e Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform unauthorized file system modifications through GET and P
nvd
CVE-2018-25143P3HIGHCVSS 8.8v1.2.02025-12-24
CVE-2018-25143 [HIGH] CWE-78 CVE-2018-25143: Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to en Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root privileges.
nvd
CVE-2018-25147P3HIGHCVSS 7.5v1.2.02025-12-24
CVE-2018-25147 [HIGH] CWE-1392 CVE-2018-25147: Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations.
nvd
CVE-2018-25146P3HIGHCVSS 8.1v1.2.02025-12-24
CVE-2018-25146 [HIGH] CWE-863 CVE-2018-25146: Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attac Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidden feature, potentially causing service disruption and requiring device restart.
nvd
CVE-2018-25145P3MEDIUMCVSS 6.5v1.2.02025-12-24
CVE-2018-25145 [MEDIUM] CWE-552 CVE-2018-25145: Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows aut Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/m_cli/', and '/tmp' to access system passwords and network settings.
nvd
CVE-2018-25149P4MEDIUMCVSS 6.5v1.2.02025-12-24
CVE-2018-25149 [MEDIUM] CWE-352 CVE-2018-25149: Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attack Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated users into loading a specially crafted page.
nvd
Microhardcorp Bullet-Lte Firmware vulnerabilities | cvebase