Command Injection Vulnerability in Microhard BulletLTE-NA2 and IPn4Gii-NA2 Products
CVE-2025-35007

7.1HIGH

Key Information:

Vendor

Microhard

Status
Ipn4gii / Bullet-lte Firmware
Vendor
CVE Published:
8 June 2025

What is CVE-2025-35007?

The Microhard BulletLTE-NA2 and IPn4Gii-NA2 products are susceptible to a post-authentication command injection vulnerability within the AT+MFRULE command. This flaw arises from improper neutralization of argument delimiters, which can be exploited to escalate privileges maliciously. Users need to be cautious as this vulnerability can compromise the integrity and confidentiality of the system. No general fixes have been released for this issue as of the initial publication of this record.

Affected Version(s)

IPn4Gii / Bullet-LTE Firmware 0

References

https://takeonme.org/cves/cve-2025-35007/
third-party-advisory
https://www.microhardcorp.com/BulletLTE-NA2.php
product
https://www.microhardcorp.com/IPn4Gii-NA2.php
product

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ricky "HeadlessZeke" Lawshae of Keysight
todb
.
CVE-2025-35007 : Command Injection Vulnerability in Microhard BulletLTE-NA2 and IPn4Gii-NA2 Products