FKIE_CVE-2018-25143
Vulnerability from fkie_nvd - Published: 2025-12-24 20:15 - Updated: 2026-01-26 19:52
Severity ?
Summary
Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root privileges.
References
| URL | Tags | ||
|---|---|---|---|
| disclosure@vulncheck.com | http://www.microhardcorp.com | Product | |
| disclosure@vulncheck.com | https://www.exploit-db.com/exploits/45041 | Exploit | |
| disclosure@vulncheck.com | https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5486.php | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5486.php | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microhardcorp | ipn4g_firmware | 1.1.0 | |
| microhardcorp | ipn4g | - | |
| microhardcorp | ipn3gb_firmware | 2.2.0 | |
| microhardcorp | ipn3gb | - | |
| microhardcorp | ipn4gb_firmware | 1.1.6 | |
| microhardcorp | ipn4gb | - | |
| microhardcorp | ipn4gb_firmware | 1.1.0 | |
| microhardcorp | ipn4gb | - | |
| microhardcorp | ipn4gb_firmware | 1.1.0 | |
| microhardcorp | ipn4gb | - | |
| microhardcorp | bullet-3g_firmware | 1.2.0 | |
| microhardcorp | bullet-3g | - | |
| microhardcorp | vip4gb_firmware | 1.1.6 | |
| microhardcorp | vip4gb | - | |
| microhardcorp | vip4gb_firmware | 1.1.6 | |
| microhardcorp | vip4gb | - | |
| microhardcorp | vip4gb_wifi-n_firmware | 1.1.6 | |
| microhardcorp | vip4gb_wifi-n | - | |
| microhardcorp | bullet-3g_firmware | 1.2.0 | |
| microhardcorp | bullet-3g | - | |
| microhardcorp | bullet-lte_firmware | 1.2.0 | |
| microhardcorp | bullet-lte | - | |
| microhardcorp | ipn3gii_firmware | 1.2.0 | |
| microhardcorp | ipn3gii | - | |
| microhardcorp | ipn4gii_firmware | 1.2.0 | |
| microhardcorp | ipn4gii | - | |
| microhardcorp | bulletplus_firmware | 1.3.0 | |
| microhardcorp | bulletplus | - | |
| microhardcorp | dragon-lte_firmware | 1.1.0 | |
| microhardcorp | dragon-lte | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microhardcorp:ipn4g_firmware:1.1.0:build1098:*:*:*:*:*:*",
"matchCriteriaId": "D3EFDC3E-8C6F-4418-9045-79D20D9E4EA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:microhardcorp:ipn4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00615A52-B793-4A62-83B0-960F5FE2C7A4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microhardcorp:ipn3gb_firmware:2.2.0:build2160:*:*:*:*:*:*",
"matchCriteriaId": "BF5C7674-E51C-4E63-B71F-FE42E4418778",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:microhardcorp:ipn3gb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52DB6EA5-3543-4883-B632-F23932C09587",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microhardcorp:ipn4gb_firmware:1.1.6:build1184-14:*:*:*:*:*:*",
"matchCriteriaId": "101F7459-230B-4773-9338-908F9F90D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:microhardcorp:ipn4gb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65C85AE1-505D-47A3-92BF-7D3276EF042D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microhardcorp:ipn4gb_firmware:1.1.0:rev2_build1090-2:*:*:*:*:*:*",
"matchCriteriaId": "7C7B4335-4C17-4571-A427-C215D9E8B02E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:microhardcorp:ipn4gb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65C85AE1-505D-47A3-92BF-7D3276EF042D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microhardcorp:ipn4gb_firmware:1.1.0:rev2_build1086:*:*:*:*:*:*",
"matchCriteriaId": "C0AD86CD-8021-45C7-8B74-30F80F3346C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:microhardcorp:ipn4gb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65C85AE1-505D-47A3-92BF-7D3276EF042D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microhardcorp:bullet-3g_firmware:1.2.0:reva_build1032:*:*:*:*:*:*",
"matchCriteriaId": "1E8C1691-7206-44F2-BD61-184ACA2E4971",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:microhardcorp:bullet-3g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92F8F1C5-0DE9-46AC-9CBE-7E5E74EE51BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microhardcorp:vip4gb_firmware:1.1.6:build_1204:*:*:*:*:*:*",
"matchCriteriaId": "B4E65D67-5004-4EB1-BF79-A26BA221D9E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:microhardcorp:vip4gb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "779EEE4C-ADED-4391-8FA9-E8EF31342884",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microhardcorp:vip4gb_firmware:1.1.6:rev3_build1184-14:*:*:*:*:*:*",
"matchCriteriaId": "F556B3EE-36FD-48D7-985E-DBCF6BC23DEB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:microhardcorp:vip4gb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "779EEE4C-ADED-4391-8FA9-E8EF31342884",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microhardcorp:vip4gb_wifi-n_firmware:1.1.6:rev2_build1196:*:*:*:*:*:*",
"matchCriteriaId": "D77E8DDD-8EDC-4FA6-8EB9-5F50F6CFAA52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:microhardcorp:vip4gb_wifi-n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA3F52D0-BAAB-4757-967C-7AA47A71959A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microhardcorp:bullet-3g_firmware:1.2.0:build1076:*:*:*:*:*:*",
"matchCriteriaId": "28D88F91-3D09-47B5-AB9B-92DBD97588AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:microhardcorp:bullet-3g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92F8F1C5-0DE9-46AC-9CBE-7E5E74EE51BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microhardcorp:bullet-lte_firmware:1.2.0:build1078:*:*:*:*:*:*",
"matchCriteriaId": "792CB5BE-8406-49E5-B59A-8DC5150C24D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:microhardcorp:bullet-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C61D697C-C430-4E98-97F0-906F4481AB1F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microhardcorp:ipn3gii_firmware:1.2.0:build1076:*:*:*:*:*:*",
"matchCriteriaId": "EFE4899C-B65E-4B54-B93F-86D2C5B744DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:microhardcorp:ipn3gii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCC68A0-6438-41E7-931A-E5B2D0E969FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microhardcorp:ipn4gii_firmware:1.2.0:build1078:*:*:*:*:*:*",
"matchCriteriaId": "014461D1-9373-47E6-B3E8-B9A21A2C87BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:microhardcorp:ipn4gii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0EC57B-519C-4CCF-B227-E58CE98E88E0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microhardcorp:bulletplus_firmware:1.3.0:build1036:*:*:*:*:*:*",
"matchCriteriaId": "BDF28BA1-AE2D-46E1-8295-1B00BA716184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:microhardcorp:bulletplus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8850D0E7-AE61-426B-AACC-42744FF3A68C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microhardcorp:dragon-lte_firmware:1.1.0:build1036:*:*:*:*:*:*",
"matchCriteriaId": "46F6C7EF-1B4C-4D7A-9DAE-433C811A22C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:microhardcorp:dragon-lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33EEC533-B4B1-433D-B967-3951053273EC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default \u0027msshc\u0027 user. Attackers can exploit a custom \u0027ping\u0027 command in the NcFTP environment to escape the restricted shell and execute commands with root privileges."
}
],
"id": "CVE-2018-25143",
"lastModified": "2026-01-26T19:52:01.687",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
]
},
"published": "2025-12-24T20:15:48.590",
"references": [
{
"source": "disclosure@vulncheck.com",
"tags": [
"Product"
],
"url": "http://www.microhardcorp.com"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit"
],
"url": "https://www.exploit-db.com/exploits/45041"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5486.php"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5486.php"
}
],
"sourceIdentifier": "disclosure@vulncheck.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…