Ipn4gii Na2 Firmware CVE-2025-35010

EUVD-2025-17398 HIGH
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)
2025-06-08 cve@takeonme.org
7.1
CVSS 3.1 · NVD
Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

Lifecycle Timeline

EUVD ID Assigned: Mar 14, 2026 - 19:17 (euvd), EUVD-2025-17398
Analysis Generated: Mar 14, 2026 - 19:17 (vuln.today)
PoC Detected: Jan 12, 2026 - 16:55 (vuln.today), public exploit code
CVE Published: Jun 08, 2025 - 21:15 (nvd), HIGH 7.1

Description (CVE.org)

Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNPINGTM command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.

Analysis (AI)

Post-authentication command injection vulnerability in the AT+MNPINGTM command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. An authenticated local attacker can exploit this CWE-88 argument injection flaw to achieve privilege escalation, gaining high-confidentiality and high-integrity impact. The vulnerability remains generally unfixed at the time of CVE publication, indicating active exposure in deployed systems.

Technical Context (AI)

The vulnerability exists in the AT command interface (a legacy Hayes modem protocol extended by manufacturers for device control) within Microhard's LTE modules. The AT+MNPINGTM command fails to properly neutralize argument delimiters when processing user-supplied input (CWE-88: Improper Neutralization of Argument Delimiters in a Command). This allows an authenticated user to inject shell metacharacters or additional command arguments, breaking out of the intended command context. The affected products—Microhard BulletLTE-NA2 and IPn4Gii-NA2—are industrial-grade LTE modems commonly deployed in critical infrastructure, IoT gateways, and remote communications systems where AT command interfaces are exposed to local or authenticated network access.

Remediation (AI)

At the time of CVE publication, no patch is generally available. Recommended actions:

(1) Contact Microhard directly for security updates and an estimated patch timeline.
(2) If available, apply firmware updates to BulletLTE-NA2 and IPn4Gii-NA2 modules immediately upon release.
(3) Implement access controls to restrict AT command interface access to trusted administrators only (disable remote AT access if not required).
(4) Monitor AT command logs for suspicious AT+MNPINGTM usage (unusual argument patterns, shell metacharacters).
(5) Segment networks to limit lateral movement if a low-privileged user gains access.
(6) Consider temporarily disabling the affected AT+MNPINGTM command if alternative ping/diagnostics methods are available.

Workaround: restrict AT interface exposure via firewall rules or physical/logical segmentation until patches are available.
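One way to implement the log monitoring in action (4), as an added example that is not code from vuln.today or Microhard. The log layout, the comma-separated parameter syntax and the allowlist are assumptions; the sample lines are constructed.

```python
import re

# Find the command anywhere in a line; the log layout in front of it is not parsed.
CMD = re.compile(r"AT\+MNPINGTM\s*=?(?P<args>.*)$", re.IGNORECASE)
# Assumption: each parameter is a host/IP or a number. No whitespace, no
# shell metacharacters, and no leading '-' that could be read as an option.
SAFE_TOKEN = re.compile(r"[A-Za-z0-9][A-Za-z0-9.:-]*")

def check_line(line):
    """None if the line has no AT+MNPINGTM; otherwise a list of findings
    (an empty list means the arguments fit the allowlist)."""
    m = CMD.search(line.rstrip("\r\n"))
    if m is None:
        return None
    args = m.group("args").strip()
    if args in ("", "?"):                # bare or query form carries no parameters
        return []
    findings = []
    for tok in args.split(","):
        tok = tok.strip()
        if len(tok) >= 2 and tok[0] == tok[-1] == '"':
            tok = tok[1:-1]              # tolerate a fully quoted parameter
        if tok == "":
            continue                     # omitted optional parameter
        if tok.startswith("-"):
            findings.append(f"parameter begins with '-': {tok!r}")
        elif not SAFE_TOKEN.fullmatch(tok):
            findings.append(f"characters outside allowlist: {tok!r}")
    return findings

def scan(lines):
    """Return (line_number, findings) for every line that needs review."""
    hits = []
    for n, line in enumerate(lines, start=1):
        findings = check_line(line)
        if findings:
            hits.append((n, findings))
    return hits

# Constructed sample log; timestamps, user names and layout are hypothetical.
SAMPLE_LOG = [
    "2025-06-10T08:14:02Z user=ops AT+MNPINGTM=192.0.2.10,5",
    "2025-06-10T08:15:40Z user=ops AT+MNPINGTM=?",
    "2025-06-10T08:17:11Z user=tech1 AT+MNPINGTM=-x,5",
    "2025-06-10T08:17:55Z user=tech1 at+mnpingtm=192.0.2.10;true",
    "2025-06-10T08:18:20Z user=ops AT+CSQ",
]

if __name__ == "__main__":
    for n, findings in scan(SAMPLE_LOG):
        print(f"line {n}: " + "; ".join(findings))
```

An allowlist is used instead of a list of known-bad characters so that any unexpected argument shape is surfaced for review; tighten `SAFE_TOKEN` once the command's documented parameter format is confirmed.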