CVE-2018-25145

Description

Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/m_cli/', and '/tmp' to access system passwords and network settings.

PUBLISHED Reserved 2025-12-24 | Published 2025-12-24 | Updated 2025-12-24 | Assigner VulnCheck

Problem types

Files or Directories Accessible to External Parties

Product status

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5484.php exploit

www.exploit-db.com/exploits/45036 (ExploitDB-45036) exploit

www.microhardcorp.com (Microhard Systems Product Web Page) product

www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5484.php (Zero Science Lab Disclosure (ZSL-2018-5484)) third-party-advisory

cve.org (CVE-2018-25145)

nvd.nist.gov (CVE-2018-25145)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.