CVE-2018-25145

Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/m_cli/', and '/tmp' to access system...

medium 6.5 CVSS 3.1

Published: Dec 24, 2025

Modified: Jan 26, 2026

Versions: 1.1.0,2.2.0,1.1.6,1.2.0,1.3.0

Description

Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/m_cli/', and '/tmp' to access system passwords and network settings.

References

Related CVEs

CVSS Breakdown

Version	3.1
Score	6.5 / 10
Severity	medium

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weakness (CWE)

CWE-552

Affected Product

Vendor	Microhardcorp
Product	Ipn4G Firmware
Versions	1.1.0,2.2.0,1.1.6,1.2.0,1.3.0