BulletLTE-NA2 Firmware CVE-2025-35009

EUVD-2025-17399 HIGH
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)
2025-06-08 cve@takeonme.org
7.1
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

Lifecycle Timeline

EUVD ID Assigned: Mar 14, 2026 - 19:17 (euvd), EUVD-2025-17399
Analysis Generated: Mar 14, 2026 - 19:17 (vuln.today)
PoC Detected: Jan 12, 2026 - 16:55 (vuln.today), public exploit code
CVE Published: Jun 08, 2025 - 21:15 (nvd), HIGH 7.1

Description (CVE.org)

Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNNETSP command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.

Analysis (AI)

Post-authentication command injection vulnerability in the AT+MNNETSP command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, allowing authenticated local users to achieve privilege escalation through improper argument delimiter neutralization. With a CVSS 7.1 score, high confidentiality and integrity impact, and no widespread patch availability at disclosure, this vulnerability poses a moderate-to-significant risk to organizations deploying these industrial LTE modems. The post-authentication requirement limits immediate exposure but represents a critical internal threat vector for privilege escalation once system access is obtained.

Technical Context (AI)

This vulnerability exists in the AT command interface of Microhard's industrial-grade LTE modem products (BulletLTE-NA2 and IPn4Gii-NA2), which are widely deployed in remote monitoring, IoT gateway, and critical infrastructure applications. The AT+MNNETSP command fails to properly neutralize argument delimiters, an instance of CWE-88 (Argument Injection), allowing an authenticated user to inject arbitrary commands that execute with elevated privileges. AT commands are standardized modem control protocols, and improper input validation in command parsing is a known attack surface in telecommunications equipment. The vulnerability likely stems from insufficient input sanitization when parsing command parameters, allowing shell metacharacters or command separators to bypass intended argument boundaries and execute unintended system commands.

Remediation (AI)

Immediate actions:
(1) Restrict AT command access to trusted users only via access control lists on the modem management interface.
(2) Implement input validation and sanitization filters for AT+MNNETSP command parameters to reject shell metacharacters and command separators.
(3) Run modems with minimal necessary privileges to limit privilege escalation scope.

Long-term:
(1) Monitor Microhard Systems security advisories and obtain patched firmware versions when available.
(2) For critical deployments, implement network segmentation to isolate modem management interfaces.
(3) Deploy intrusion detection rules to monitor for suspicious AT command sequences.
(4) Consider product replacement with alternatives offering better security practices if patches are delayed.

Vendor patch availability should be confirmed directly with Microhard Systems support; no specific version numbers are provided in the current disclosure.
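One way to implement the AT+MNNETSP parameter filter and the AT command monitoring rule listed above is shown below. It is an added example, not code from Microhard or from this site. The log line format, the argument allowlist and the sample lines are assumptions constructed for illustration; the real AT+MNNETSP syntax is not given in the disclosure.

```python
import re

# Assumed log format (constructed): "<timestamp> <user> <raw AT command>".
LINE_RE = re.compile(r"(\S+)\s+(\S+)\s+(AT\+.*)", re.I | re.S)
CMD_RE = re.compile(r"AT\+MNNETSP((?:[=?].*)?)", re.I | re.S)
# Assumed allowlist: comma-separated alphanumeric tokens, optionally quoted.
# Replace with the syntax from the vendor's AT command reference.
TOKEN = r'(?:"[A-Za-z0-9_.]*"|[A-Za-z0-9_.]+)'
ALLOWED = re.compile(rf"={TOKEN}(?:,{TOKEN})*")
SHELL_META = set(";|&$`<>(){}\\'\n\r")

def inspect_line(line):
    """Return a finding dict for a suspicious AT+MNNETSP line, else None."""
    m = LINE_RE.fullmatch(line.rstrip("\r\n"))
    if not m:
        return None
    ts, user, cmd = m.groups()
    c = CMD_RE.fullmatch(cmd)
    if not c:
        return None  # some other AT command; out of scope for this rule
    arg = c.group(1)
    # Bare, read ("?") and test ("=?") forms carry no user-controlled argument.
    if arg in ("", "?", "=?") or ALLOWED.fullmatch(arg):
        return None
    reasons = []
    if SHELL_META & set(arg):
        reasons.append("shell-metacharacter")
    if re.search(r"\s", arg):
        reasons.append("argument-delimiter")   # whitespace splits arguments (CWE-88)
    if re.search(r"(?:^=|[,\s])-", arg):
        reasons.append("option-like-token")    # token that starts with "-"
    return {"ts": ts, "user": user, "arg": arg,
            "reasons": reasons or ["outside-allowlist"]}

def scan(lines):
    """Run inspect_line over an iterable of log lines; return all findings."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample log; argument values are illustrative, not vendor syntax.
SAMPLE_LOG = [
    "2025-06-09T10:00:01Z operator AT+MNNETSP?",
    "2025-06-09T10:00:05Z operator AT+MNNETSP=1",
    "2025-06-09T10:02:11Z operator AT+MNNETSP=1;echo test",
    "2025-06-09T10:02:40Z operator AT+MNNETSP=1 --opt",
    "2025-06-09T10:03:00Z operator AT+CSQ",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same allowlist check can gate commands before they reach the modem; rejecting anything outside the allowlist is safer than trying to enumerate every dangerous character.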
