EUVD-2025-17400CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
4Description
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MMNAME command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.
Analysis
Post-authentication command injection vulnerability in the AT+MMNAME command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, allowing authenticated local attackers to escalate privileges through argument delimiter manipulation (CWE-88). With a CVSS score of 7.1 and no general fix available at publication, this vulnerability represents a moderate-to-high risk for organizations deploying these industrial/embedded LTE communication devices. The post-authentication requirement and local attack vector limit exposure, but privilege escalation impact is significant.
Technical Context
This vulnerability exploits improper neutralization of argument delimiters in the AT+MMNAME modem command (CWE-88), a command injection variant where special characters or delimiters are not properly sanitized when constructing system commands. Microhard BulletLTE-NA2 and IPn4Gii-NA2 are cellular modems/communication modules commonly embedded in industrial IoT, maritime, and critical infrastructure equipment. The AT command interface is a legacy modem control protocol (used in 2G/3G/4G devices); the vulnerability allows an authenticated user with local access to inject shell metacharacters or command separators into the MMNAME parameter, enabling arbitrary command execution with elevated privileges. The root cause is insufficient input validation on user-supplied arguments before passing them to underlying system calls.
Affected Products
Microhard BulletLTE-NA2 (all versions, no specific patch version identified as of CVE publication); Microhard IPn4Gii-NA2 (all versions, no specific patch version identified as of CVE publication). These are embedded cellular communication modules marketed for industrial IoT, maritime, and rugged applications. Affected are any end-products or systems that integrate these modems with exposed AT command interfaces accessible to authenticated local users (e.g., industrial control systems, IoT gateways, vehicle telematics platforms). No specific CPE strings or vendor advisory URLs were provided in the source data; organizations must contact Microhard directly or consult their product documentation for affected revision numbers and OEM/integrator advisories.
Remediation
1. **Patch/Update**: Contact Microhard for firmware updates addressing AT+MMNAME command input validation; as of CVE publication, no general fix is available—request timeline and patch version from vendor. 2. **Access Control Workaround**: Restrict local access to the AT command interface to trusted users/processes; implement role-based access controls and disable AT command execution for unprivileged accounts if the modem supports privilege separation. 3. **Input Filtering (Temporary Mitigation)**: If available, configure the device to filter or reject AT+MMNAME commands containing shell metacharacters (`;`, `|`, `&`, `$()`, backticks); consult product documentation for CLI/config options. 4. **Monitoring**: Enable audit logging on AT command execution and privilege escalation events; alert on suspicious MMNAME parameters containing special characters. 5. **Network Isolation**: For devices in operational technology networks, isolate modem management interfaces from untrusted users; use out-of-band management or jump hosts. 6. **Vendor Coordination**: Register with Microhard's product security notifications and request disclosure of patch timelines and affected firmware revisions.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today