What is the CVSS score of CVE-2025-35004?

CVE-2025-35004 has a CVSS 3.1 base score of 7.1 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.2%.

Which versions of Ipn4gii Na2 Firmware are affected by CVE-2025-35004?

A high-severity privilege escalation vulnerability (CVE-2025-35004) affects Microhard LTE devices used in enterprise networks, allowing authenticated users to gain elevated system privileges through…

Is there a public PoC exploit available for CVE-2025-35004?

Yes, a public proof-of-concept exploit is available for CVE-2025-35004. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2025-35004?

Within 24 hours: Inventory all Microhard BulletLTE-NA2 and IPn4Gii-NA2 devices across the organization and document their network locations and criticality levels. Within 7 days: Implement network segmentation to restrict access to affected devices, disable AT+MFIP command functionality if possible, and enforce multi-factor authentication for all administrative access. Within 30 days: Contact Microhard for patch status and timeline; evaluate alternative vendor solutions if patches remain unavailable; conduct forensic audit of device logs for signs of exploitation.

Ipn4gii Na2 Firmware CVE-2025-35004

EUVD-2025-17404 HIGH

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)

2025-06-08 cve@takeonme.org

Privilege Escalation Command Injection Ipn4gii Na2 Firmware Bulletlte Na2 Firmware

7.1

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.1 HIGH

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 19:17 euvd

EUVD-2025-17404

Analysis Generated

Mar 14, 2026 - 19:17 vuln.today

PoC Detected

Jan 12, 2026 - 16:54 vuln.today

Public exploit code

CVE Published

Jun 08, 2025 - 21:15 nvd

HIGH 7.1

DescriptionCVE.org

Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFIP command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.

AnalysisAI

Post-authentication command injection vulnerability in the AT+MFIP command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, enabling authenticated local attackers to achieve privilege escalation through improper argument delimiter neutralization (CWE-88). With a CVSS 7.1 score and no indication of general fixes at publication, this vulnerability presents a moderate-to-high risk for systems using affected modem/gateway products; exploitation requires local access and valid credentials but no user interaction.

Technical ContextAI

The vulnerability exists in the AT command interface (Hayes command protocol) used by Microhard cellular modems. The AT+MFIP command, which likely configures IP-related parameters on these LTE modems, fails to properly sanitize or delimit arguments passed by authenticated users. This is a classic argument injection flaw (CWE-88) where an attacker with local shell access or authenticated command-line interface can inject shell metacharacters or additional commands into the AT+MFIP command string, bypassing intended command boundaries. Microhard's BulletLTE-NA2 and IPn4Gii-NA2 are industrial-grade LTE gateway/modem devices commonly deployed in remote monitoring, IoT, and critical infrastructure applications where they bridge cellular networks to local systems. The AT command parser does not implement proper input validation or escaping, allowing privilege escalation from an authenticated user context to potentially root or modem firmware-level access.

RemediationAI

No vendor patches are explicitly documented as available at CVE publication. Recommended actions: (1) Contact Microhard Systems directly to request security updates or patches for BulletLTE-NA2 and IPn4Gii-NA2 firmware; (2) Implement strong access controls—restrict local shell/serial access to the modems to authorized personnel only, and enforce strong authentication on any AT command interfaces; (3) Network segmentation—isolate cellular gateway devices on restricted networks with minimal lateral movement risk; (4) Monitor AT command logs for suspicious AT+MFIP invocations with unusual argument patterns; (5) Firmware lockdown—disable AT command interfaces if not operationally necessary, or restrict to administrative serial ports only; (6) Consider replacing vulnerable modems with patched alternatives or vendors offering better security practices if Microhard does not issue timely updates. Workarounds are limited due to the architectural nature of the flaw; patching is the primary remediation path.

CVE-2025-35004 vulnerability details – vuln.today

Back