Post-Authentication Command Injection in Microhard BulletLTE-NA2 and IPn4Gii-NA2
CVE-2025-35005

7.1HIGH

Key Information:

Vendor

Microhard

Status
Ipn4gii / Bullet-lte Firmware
Vendor
CVE Published:
8 June 2025

What is CVE-2025-35005?

Products including the Microhard BulletLTE-NA2 and IPn4Gii-NA2 face a security risk due to a post-authentication command injection vulnerability present in the AT+MFMAC command. This flaw allows attackers to exploit improper neutralization of argument delimiters, potentially leading to privilege escalation within the affected systems. As of the last update, there has been no comprehensive fix for this issue.

Affected Version(s)

IPn4Gii / Bullet-LTE Firmware 0

References

https://takeonme.org/cves/cve-2025-35005/
third-party-advisory
https://www.microhardcorp.com/BulletLTE-NA2.php
product
https://www.microhardcorp.com/IPn4Gii-NA2.php
product

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ricky "HeadlessZeke" Lawshae of Keysight
todb
.
CVE-2025-35005 : Post-Authentication Command Injection in Microhard BulletLTE-NA2 and IPn4Gii-NA2