CVE-2018-25149

Sažetak

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated users into loading a specially crafted page.

Reference

http://www.microhardcorp.com
https://www.exploit-db.com/exploits/45034
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5478.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5478.php

CVSS

Base:	6.5
Impact:	3.6
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	HIGH	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Zadnje važnije ažuriranje

26-01-2026 - 16:15

Objavljeno

24-12-2025 - 20:15