EUVD-2025-17403
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
4Description
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFMAC command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.
Analysis
Post-authentication command injection vulnerability in the AT+MFMAC command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. An authenticated local attacker can exploit improper argument delimiter neutralization (CWE-88) to achieve privilege escalation, gaining high-confidence access to sensitive system functions and data. As of the CVE publication date, no general fix has been released, and the vulnerability remains unpatched across affected product lines.
Technical Context
This vulnerability exists in AT command processing for Microhard's LTE communication modules, specifically in the AT+MFMAC command parser. The root cause is CWE-88 (Argument Injection), where user-supplied input is concatenated into command strings without proper sanitization or delimiter escaping. The AT command interface is a legacy serial communication protocol used for modem control; improper parsing of AT command arguments allows an authenticated user to inject additional commands or modify command semantics. The BulletLTE-NA2 and IPn4Gii-NA2 are embedded LTE modules commonly integrated into industrial IoT, vehicular, and military communication systems. The flaw allows an attacker with local shell or serial access (post-authentication) to break out of the intended command context and execute arbitrary system commands with elevated privileges.
Affected Products
Microhard BulletLTE-NA2: All versions (no version range specified; assume all releases prior to unannounced patch). Microhard IPn4Gii-NA2: All versions (no version range specified; assume all releases prior to unannounced patch). CPE strings for affected products are likely: cpe:2.3:o:microhard:bulletlte-na2:*:*:*:*:*:*:*:* and cpe:2.3:o:microhard:ipn4gii-na2:*:*:*:*:*:*:*:*. All OEM products and third-party integrations incorporating these modules (e.g., industrial gateways, UAV control systems, satellite ground stations) are transitively affected. Specific version numbers are not disclosed in the CVE record; vendor contact required for patch timeline and affected release identification.
Remediation
1. Patch & Update: Contact Microhard immediately to obtain patched firmware versions for BulletLTE-NA2 and IPn4Gii-NA2 modules. No specific version numbers are available at this time; follow vendor security advisories for release dates. 2. Access Controls: Restrict local shell and serial console access to trusted administrators only. Disable or remove AT command interfaces if not required for operational use. 3. Network Segmentation: Isolate systems incorporating these modules on trusted networks; prevent untrusted local users from gaining shell or AT interface access. 4. Monitoring: Log all AT command usage and serial/telnet access to these modules; alert on AT+MFMAC commands or privilege escalation attempts. 5. Workaround (if patching delayed): If the AT+MFMAC command is not operationally required, disable or restrict its use via firmware configuration or access control lists on the serial/telnet interface. 6. Escalation: File a security incident report with Microhard and your OEM supplier; request ETA for patched firmware and interim mitigations specific to your product line.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today