CVE-2018-25147

Microhard Systems IPn4G 1.1.0 Default Credentials Authentication Bypass

CVSS 9.3 CRITICALEPSS 0.3%CWE-1392

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

24 Dec 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Microhard Systems · Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Default Credentials

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/45040 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5480.php http://www.microhardcorp.com