Home

Description

Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations.

PUBLISHED Reserved 2025-12-24 | Published 2025-12-24 | Updated 2025-12-24 | Assigner VulnCheck




CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Use of Default Credentials

Product status

IPn4G 1.1.0 build 1098
affected

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5480.php exploit

www.exploit-db.com/exploits/45040 (ExploitDB-45040) exploit

www.microhardcorp.com (Microhard Systems Product Homepage) product

www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5480.php (Zero Science Lab Disclosure (ZSL-2018-5480)) third-party-advisory

cve.org (CVE-2018-25147)

nvd.nist.gov (CVE-2018-25147)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.