Command Injection Vulnerability in Microhard BulletLTE-NA2 and IPn4Gii-NA2 Products
CVE-2025-35010

7.1HIGH

Key Information:

Vendor

Microhard

Status
Ipn4gii / Bullet-lte Firmware
Vendor
CVE Published:
8 June 2025

What is CVE-2025-35010?

Products incorporating the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection flaw in the AT+MNPINGTM command. This vulnerability allows attackers to manipulate command inputs, potentially leading to privilege escalation scenarios. The issue arises from improper handling of argument delimiters and has not been resolved at the time of this record's publication.

Affected Version(s)

IPn4Gii / Bullet-LTE Firmware 0

References

https://takeonme.org/cves/cve-2025-35010/
third-party-advisory
https://www.microhardcorp.com/BulletLTE-NA2.php
product
https://www.microhardcorp.com/IPn4Gii-NA2.php
product

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ricky "HeadlessZeke" Lawshae of Keysight
todb
.
CVE-2025-35010 : Command Injection Vulnerability in Microhard BulletLTE-NA2 and IPn4Gii-NA2 Products