CVE-2018-25146

Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidden feature, potentially causing service disrup...

high 8.1 CVSS 3.1
Published: Dec 24, 2025
Modified: Feb 2, 2026
Vendor: Microhardcorp
Product: Ipn4G Firmware
Versions: 1.1.0,2.2.0,1.1.6,1.2.0,1.3.0

Description

Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidden feature, potentially causing service disruption and requiring device restart.

References

Related CVEs

CVE-2018-25147 high · 7.5
Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to ga
CVE-2018-25148 high · 8.8
Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify sy
CVE-2018-25149 medium · 6.5
Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft
CVE-2018-25143 high · 8.8
Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a
CVE-2018-25144 high · 8.4
Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete a
CVE-2018-25145 medium · 6.5
Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers