Post-Authentication Command Injection in Microhard BulletLTE-NA2 and IPn4Gii-NA2
CVE-2025-35008

7.1HIGH

Key Information:

Vendor: Microhard
Status: Ipn4gii / Bullet-lte Firmware
Vendor: CVE Published:; 8 June 2025

🔔 Create Microhard Vulnerability Alert

What is CVE-2025-35008?

Products including the Microhard BulletLTE-NA2 and IPn4Gii-NA2 have a vulnerability that allows for command injection post-authentication. This vulnerability affects the AT+MMNAME command and can enable unauthorized privilege escalation by improperly neutralizing argument delimiters, posing significant security risks for users and their data.

Affected Version(s)

IPn4Gii / Bullet-LTE Firmware 0

References

https://takeonme.org/cves/cve-2025-35008/

third-party-advisory

https://www.microhardcorp.com/BulletLTE-NA2.php

https://www.microhardcorp.com/IPn4Gii-NA2.php

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 8, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Ricky "HeadlessZeke" Lawshae of Keysight

todb

.

CVE-2025-35008 : Post-Authentication Command Injection in Microhard BulletLTE-NA2 and IPn4Gii-NA2