CVE-2018-25143

Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root privileges.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.microhardcorp.com	Product
https://www.exploit-db.com/exploits/45041	Exploit
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5486.php	Exploit Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5486.php	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:microhardcorp:ipn4g_firmware:1.1.0:build1098:*:*:*:*:*:*

cpe:2.3:h:microhardcorp:ipn4g:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:microhardcorp:ipn3gb_firmware:2.2.0:build2160:*:*:*:*:*:*

cpe:2.3:h:microhardcorp:ipn3gb:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:microhardcorp:ipn4gb_firmware:1.1.6:build1184-14:*:*:*:*:*:*

cpe:2.3:h:microhardcorp:ipn4gb:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:microhardcorp:ipn4gb_firmware:1.1.0:rev2_build1090-2:*:*:*:*:*:*

cpe:2.3:h:microhardcorp:ipn4gb:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:microhardcorp:ipn4gb_firmware:1.1.0:rev2_build1086:*:*:*:*:*:*

cpe:2.3:h:microhardcorp:ipn4gb:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:microhardcorp:bullet-3g_firmware:1.2.0:reva_build1032:*:*:*:*:*:*

cpe:2.3:h:microhardcorp:bullet-3g:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:microhardcorp:vip4gb_firmware:1.1.6:build_1204:*:*:*:*:*:*

cpe:2.3:h:microhardcorp:vip4gb:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:microhardcorp:vip4gb_firmware:1.1.6:rev3_build1184-14:*:*:*:*:*:*

cpe:2.3:h:microhardcorp:vip4gb:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:microhardcorp:vip4gb_wifi-n_firmware:1.1.6:rev2_build1196:*:*:*:*:*:*

cpe:2.3:h:microhardcorp:vip4gb_wifi-n:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:microhardcorp:bullet-3g_firmware:1.2.0:build1076:*:*:*:*:*:*

cpe:2.3:h:microhardcorp:bullet-3g:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:microhardcorp:bullet-lte_firmware:1.2.0:build1078:*:*:*:*:*:*

cpe:2.3:h:microhardcorp:bullet-lte:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:microhardcorp:ipn3gii_firmware:1.2.0:build1076:*:*:*:*:*:*

cpe:2.3:h:microhardcorp:ipn3gii:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:microhardcorp:ipn4gii_firmware:1.2.0:build1078:*:*:*:*:*:*

cpe:2.3:h:microhardcorp:ipn4gii:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:microhardcorp:bulletplus_firmware:1.3.0:build1036:*:*:*:*:*:*

cpe:2.3:h:microhardcorp:bulletplus:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:microhardcorp:dragon-lte_firmware:1.1.0:build1036:*:*:*:*:*:*

cpe:2.3:h:microhardcorp:dragon-lte:-:*:*:*:*:*:*:*

History

26 Jan 2026, 19:52

Type	Values Removed	Values Added
CPE		cpe:2.3:o:microhardcorp:bullet-3g_firmware:1.2.0:build1076:::::: cpe:2.3:h:microhardcorp:bulletplus:-:::::::* cpe:2.3:o:microhardcorp:ipn4gb_firmware:1.1.0:rev2_build1086:::::: cpe:2.3:o:microhardcorp:vip4gb_firmware:1.1.6:build_1204:::::: cpe:2.3:h:microhardcorp:ipn4g:-:::::::* cpe:2.3:o:microhardcorp:dragon-lte_firmware:1.1.0:build1036:::::: cpe:2.3:o:microhardcorp:ipn4gb_firmware:1.1.6:build1184-14:::::: cpe:2.3:o:microhardcorp:bullet-3g_firmware:1.2.0:reva_build1032:::::: cpe:2.3:h:microhardcorp:dragon-lte:-:::::::* cpe:2.3:h:microhardcorp:bullet-3g:-:::::::* cpe:2.3:h:microhardcorp:ipn4gii:-:::::::* cpe:2.3:o:microhardcorp:ipn4g_firmware:1.1.0:build1098:::::: cpe:2.3:o:microhardcorp:ipn3gb_firmware:2.2.0:build2160:::::: cpe:2.3:o:microhardcorp:ipn4gb_firmware:1.1.0:rev2_build1090-2:::::: cpe:2.3:h:microhardcorp:ipn3gii:-:::::::* cpe:2.3:o:microhardcorp:vip4gb_firmware:1.1.6:rev3_build1184-14:::::: cpe:2.3:h:microhardcorp:bullet-lte:-:::::::* cpe:2.3:h:microhardcorp:ipn3gb:-:::::::* cpe:2.3:o:microhardcorp:bulletplus_firmware:1.3.0:build1036:::::: cpe:2.3:h:microhardcorp:vip4gb_wifi-n:-:::::::* cpe:2.3:o:microhardcorp:vip4gb_wifi-n_firmware:1.1.6:rev2_build1196:::::: cpe:2.3:h:microhardcorp:vip4gb:-:::::::* cpe:2.3:h:microhardcorp:ipn4gb:-:::::::* cpe:2.3:o:microhardcorp:ipn4gii_firmware:1.2.0:build1078:::::: cpe:2.3:o:microhardcorp:bullet-lte_firmware:1.2.0:build1078:::::: cpe:2.3:o:microhardcorp:ipn3gii_firmware:1.2.0:build1076::::::
References	~~() http://www.microhardcorp.com -~~	() http://www.microhardcorp.com - Product
References	~~() https://www.exploit-db.com/exploits/45041 -~~	() https://www.exploit-db.com/exploits/45041 - Exploit
References	~~() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5486.php -~~	() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5486.php - Exploit, Third Party Advisory
First Time		Microhardcorp ipn4g Firmware Microhardcorp bullet-lte Microhardcorp dragon-lte Microhardcorp dragon-lte Firmware Microhardcorp bulletplus Microhardcorp ipn3gb Microhardcorp Microhardcorp ipn3gii Firmware Microhardcorp vip4gb Microhardcorp vip4gb Wifi-n Firmware Microhardcorp bulletplus Firmware Microhardcorp ipn4gb Firmware Microhardcorp bullet-lte Firmware Microhardcorp ipn4gii Microhardcorp ipn4gii Firmware Microhardcorp ipn4gb Microhardcorp ipn3gb Firmware Microhardcorp bullet-3g Microhardcorp bullet-3g Firmware Microhardcorp vip4gb Firmware Microhardcorp vip4gb Wifi-n Microhardcorp ipn3gii Microhardcorp ipn4g

24 Dec 2025, 21:15

Type	Values Removed	Values Added
References	~~() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5486.php -~~	() https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5486.php -

24 Dec 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-24 20:15

Updated : 2026-01-26 19:52

NVD link : CVE-2018-25143

Mitre link : CVE-2018-25143

CVE.ORG link : CVE-2018-25143

JSON object : View

Products Affected

microhardcorp

ipn4gb_firmware
bullet-3g_firmware
ipn4gb
ipn3gii_firmware
vip4gb
bulletplus_firmware
dragon-lte_firmware
bullet-lte_firmware
ipn4gii
bullet-lte
ipn4gii_firmware
ipn4g_firmware
vip4gb_wifi-n_firmware
ipn3gb_firmware
dragon-lte
bullet-3g
ipn4g
bulletplus
ipn3gb
vip4gb_wifi-n
ipn3gii
vip4gb_firmware

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

8.8 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

JSON object

Attach tags to CVE-2018-25143

8.8^/10

Attach tags to `CVE-2018-25143`