CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Description
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFPORTFWD command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.
Analysis
Post-authentication command injection vulnerability in the AT+MFPORTFWD command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. An authenticated local attacker can exploit improper argument delimiter neutralization (CWE-88) to achieve privilege escalation, potentially gaining unauthorized access to system resources. As of the CVE publication date, no general fix has been released, and the vulnerability carries a CVSS score of 7.1 with high confidentiality and integrity impact.
Technical Context
The vulnerability exists in the AT command interface (AT+ protocol) commonly used in cellular and wireless modems for device control and configuration. The Microhard BulletLTE-NA2 and IPn4Gii-NA2 are industrial-grade LTE modems used in remote IoT, telemetry, and critical infrastructure applications. The root cause is CWE-88 (Improper Neutralization of Argument Delimiters in a Command), which occurs when user-supplied input to the AT+MFPORTFWD command is not properly sanitized or escaped before being passed to shell or system command execution. This allows an attacker to inject additional commands or arguments that alter the intended command logic. The affected products likely process port forwarding configuration through AT commands without adequate input validation, enabling argument injection that bypasses intended command boundaries.
Affected Products
Microhard BulletLTE-NA2 (all versions prior to patched release, if available); Microhard IPn4Gii-NA2 (all versions prior to patched release, if available); Any third-party products or integrations incorporating these modems as components (automotive, industrial control, remote monitoring systems, maritime/aviation telemetry). Likely CPE identifiers: cpe:2.3:h:microhard:bulletlte-na2:*:*:*:*:*:*:*:* and cpe:2.3:h:microhard:ipn4gii-na2:*:*:*:*:*:*:*:* (version ranges unspecified at publication). Vendor has not released public security advisories or patch information as of CVE publication.
Remediation
Immediate actions:
(1) Restrict local access to affected Microhard devices to trusted administrators only; implement physical or network-level access controls to AT command interfaces.
(2) Disable AT+MFPORTFWD command if port forwarding is not required.
(3) Monitor device logs for suspicious AT command sequences.
(4) Isolate affected devices to secure network segments away from untrusted hosts.

Long-term: Monitor Microhard's security advisories and vendor website for firmware updates addressing CVE-2025-35006. Contact Microhard directly for patch timelines. If patches are released, apply them immediately to all affected BulletLTE-NA2 and IPn4Gii-NA2 devices. For products incorporating these modems, ensure vendor integration patches are applied. Consider architecture review to minimize reliance on untrusted local access to modem AT interfaces.
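One way to carry out the log monitoring in step (3), as an added example that is not part of the original advisory and is not Microhard code. The log line format, the comma-separated parameter layout and every sample value are assumptions constructed for illustration, since the advisory does not document the AT+MFPORTFWD syntax.

```python
import re
import string

# Assumptions: one logged command per line, comma-separated parameters after
# "AT+MFPORTFWD="; fields are checked generically, the real layout is unknown.
CMD = re.compile(r"AT\+MFPORTFWD\s*=(?P<args>.*)$", re.IGNORECASE)
ALLOWED = set(string.ascii_letters + string.digits + "_.:-")

# Constructed sample lines; "-v" and "-name" are meaningless placeholders.
SAMPLE_LOG = [
    "2025-01-01T10:00:00Z user=admin AT+MFPORTFWD=web,tcp,8080,192.168.1.10,80",
    "2025-01-01T10:00:05Z user=admin ATI",
    "2025-01-01T10:01:12Z user=op AT+MFPORTFWD=web,tcp,8080,192.168.1.10 -v,80",
    "2025-01-01T10:02:40Z user=op AT+MFPORTFWD=-name,tcp,8080,192.168.1.10,80",
]


def field_problems(field):
    """Return the reasons one parameter value deserves review."""
    value = field.strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]  # AT string parameters may be quoted
    reasons = []
    if value.startswith("-"):
        reasons.append("leading hyphen (may be parsed as an option)")
    if any(ch.isspace() for ch in value):
        reasons.append("embedded whitespace (argument delimiter)")
    other = sorted({c for c in value if c not in ALLOWED and not c.isspace()})
    if other:
        reasons.append("unexpected characters: " + " ".join(map(repr, other)))
    return reasons


def scan(lines):
    """Return (line_number, field_index, reasons) per suspicious field."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = CMD.search(line.rstrip("\r\n"))
        if not match:
            continue
        for idx, field in enumerate(match.group("args").split(","), 1):
            reasons = field_problems(field)
            if reasons:
                findings.append((lineno, idx, reasons))
    return findings


if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

The allowlist is deliberately strict, so a legitimate value outside it shows up as a finding to review rather than being silently accepted.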
EUVD-2025-17402