Bulletlte Na2 Firmware
Monthly
Post-authentication command injection vulnerability in the AT+MNPINGTM command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. An authenticated local attacker can exploit this CWE-88 argument injection flaw to achieve privilege escalation, gaining high-confidentiality and high-integrity impact. The vulnerability remains generally unfixed at the time of CVE publication, indicating active exposure in deployed systems.
Post-authentication command injection vulnerability in the AT+MNNETSP command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, allowing authenticated local users to achieve privilege escalation through improper argument delimiter neutralization. With a CVSS 7.1 score, high confidentiality and integrity impact, and no widespread patch availability at disclosure, this vulnerability poses a moderate-to-significant risk to organizations deploying these industrial LTE modems. The post-authentication requirement limits immediate exposure but represents a critical internal threat vector for privilege escalation once system access is obtained.
Post-authentication command injection vulnerability in the AT+MMNAME command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, allowing authenticated local attackers to escalate privileges through argument delimiter manipulation (CWE-88). With a CVSS score of 7.1 and no general fix available at publication, this vulnerability represents a moderate-to-high risk for organizations deploying these industrial/embedded LTE communication devices. The post-authentication requirement and local attack vector limit exposure, but privilege escalation impact is significant.
Post-authentication command injection vulnerability in the AT+MFRULE command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, allowing authenticated local attackers to achieve privilege escalation through improper argument delimiter neutralization (CWE-88). With a CVSS score of 7.1 and no general fix available at publication, this vulnerability presents a moderate-to-high risk for systems where local authentication access can be obtained. The vulnerability has not been reported as actively exploited in public KEV catalogs, but the lack of available patches and the privilege escalation potential warrant immediate assessment and mitigation planning.
Post-authentication command injection vulnerability in the AT+MFPORTFWD command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. An authenticated local attacker can exploit improper argument delimiter neutralization (CWE-88) to achieve privilege escalation, potentially gaining unauthorized access to system resources. As of the CVE publication date, no general fix has been released, and the vulnerability carries a CVSS score of 7.1 with high confidentiality and integrity impact.
Post-authentication command injection vulnerability in the AT+MFMAC command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. An authenticated local attacker can exploit improper argument delimiter neutralization (CWE-88) to achieve privilege escalation, gaining high-confidence access to sensitive system functions and data. As of the CVE publication date, no general fix has been released, and the vulnerability remains unpatched across affected product lines.
Post-authentication command injection vulnerability in the AT+MFIP command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, enabling authenticated local attackers to achieve privilege escalation through improper argument delimiter neutralization (CWE-88). With a CVSS 7.1 score and no indication of general fixes at publication, this vulnerability presents a moderate-to-high risk for systems using affected modem/gateway products; exploitation requires local access and valid credentials but no user interaction.
Post-authentication command injection vulnerability in the AT+MNPINGTM command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. An authenticated local attacker can exploit this CWE-88 argument injection flaw to achieve privilege escalation, gaining high-confidentiality and high-integrity impact. The vulnerability remains generally unfixed at the time of CVE publication, indicating active exposure in deployed systems.
Post-authentication command injection vulnerability in the AT+MNNETSP command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, allowing authenticated local users to achieve privilege escalation through improper argument delimiter neutralization. With a CVSS 7.1 score, high confidentiality and integrity impact, and no widespread patch availability at disclosure, this vulnerability poses a moderate-to-significant risk to organizations deploying these industrial LTE modems. The post-authentication requirement limits immediate exposure but represents a critical internal threat vector for privilege escalation once system access is obtained.
Post-authentication command injection vulnerability in the AT+MMNAME command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, allowing authenticated local attackers to escalate privileges through argument delimiter manipulation (CWE-88). With a CVSS score of 7.1 and no general fix available at publication, this vulnerability represents a moderate-to-high risk for organizations deploying these industrial/embedded LTE communication devices. The post-authentication requirement and local attack vector limit exposure, but privilege escalation impact is significant.
Post-authentication command injection vulnerability in the AT+MFRULE command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, allowing authenticated local attackers to achieve privilege escalation through improper argument delimiter neutralization (CWE-88). With a CVSS score of 7.1 and no general fix available at publication, this vulnerability presents a moderate-to-high risk for systems where local authentication access can be obtained. The vulnerability has not been reported as actively exploited in public KEV catalogs, but the lack of available patches and the privilege escalation potential warrant immediate assessment and mitigation planning.
Post-authentication command injection vulnerability in the AT+MFPORTFWD command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. An authenticated local attacker can exploit improper argument delimiter neutralization (CWE-88) to achieve privilege escalation, potentially gaining unauthorized access to system resources. As of the CVE publication date, no general fix has been released, and the vulnerability carries a CVSS score of 7.1 with high confidentiality and integrity impact.
Post-authentication command injection vulnerability in the AT+MFMAC command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. An authenticated local attacker can exploit improper argument delimiter neutralization (CWE-88) to achieve privilege escalation, gaining high-confidence access to sensitive system functions and data. As of the CVE publication date, no general fix has been released, and the vulnerability remains unpatched across affected product lines.
Post-authentication command injection vulnerability in the AT+MFIP command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, enabling authenticated local attackers to achieve privilege escalation through improper argument delimiter neutralization (CWE-88). With a CVSS 7.1 score and no indication of general fixes at publication, this vulnerability presents a moderate-to-high risk for systems using affected modem/gateway products; exploitation requires local access and valid credentials but no user interaction.