CVE-2018-25144

Sažetak

Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform unauthorized file system modifications through GET and POST requests.

Reference

http://www.microhardcorp.com
https://www.exploit-db.com/exploits/45037
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5485.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5485.php

CVSS

Base:	8.4
Impact:	5.9
Exploitability:	2.5

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

02-02-2026 - 16:16

Objavljeno

24-12-2025 - 20:15