CVE-2025-35004
📋 TL;DR
This vulnerability allows authenticated attackers to execute arbitrary commands on Microhard BulletLTE-NA2 and IPn4Gii-NA2 devices through improper input validation in the AT+MFIP command. Attackers can escalate privileges and potentially gain full control of affected devices. Organizations using these specific Microhard products are at risk.
💻 Affected Systems
- Microhard BulletLTE-NA2
- Microhard IPn4Gii-NA2
📦 What is this software?
BulletLTE-NA2 Firmware by Microhard
IPn4Gii-NA2 Firmware by Microhard
⚠️ Risk & Real-World Impact
Worst Case
Full device compromise allowing attackers to install persistent backdoors, intercept network traffic, pivot to internal networks, or render devices inoperable.
Likely Case
Privilege escalation leading to unauthorized administrative access, configuration changes, and potential data exfiltration from connected networks.
If Mitigated
Limited impact if proper network segmentation, access controls, and monitoring prevent exploitation attempts.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once credentials are obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://support.microhardcorp.com/portal/en/kb/articles/ipn4gii-bullet-lte-firmware
Restart Required: Yes
Instructions:
1. Monitor vendor advisory for firmware updates.
2. Download firmware from Microhard support portal.
3. Follow vendor's firmware update procedures.
4. Verify update completion and restart devices.
🔧 Temporary Workarounds
Restrict AT Command Access
Limit access to the AT command interface to trusted administrative networks only
Change Default Credentials
Ensure strong, unique administrative credentials are set on all devices
🧯 If You Can't Patch
- Implement strict network segmentation to isolate affected devices from critical networks
- Enable detailed logging and monitoring for AT command access and unusual administrative activity
🔍 How to Verify
Check if Vulnerable:
Check device firmware version against vendor's patched version when available. Test AT+MFIP command injection if authorized.
Check Version:
ATI (check via serial console or management interface)
Verify Fix Applied:
Verify firmware version matches or exceeds vendor's patched version. Test that AT+MFIP command no longer accepts malicious input.
📡 Detection & Monitoring
Log Indicators:
- Unusual AT command sequences
- Multiple failed authentication attempts followed by AT+MFIP usage
- Administrative privilege changes
Network Indicators:
- AT command traffic from unexpected sources
- Unusual outbound connections from devices
SIEM Query:
source="microhard_device" AND (command="AT+MFIP" OR command="AT*" AND status="success")
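
Added example (not part of the original advisory or any vendor tooling): a small correlation check for two of the indicators above, repeated failed authentication followed by AT+MFIP usage from the same source, and AT command traffic from unexpected sources. The key=value log format, field names, trusted-source list and thresholds are assumptions made for illustration; adapt the parser to the logs your devices or collectors actually produce.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a hypothetical key=value log format (an assumption:
# real device or syslog output will differ and parse() must be adapted).
SAMPLE_LOG = """\
2025-06-01T10:00:01 src=10.0.5.20 event=auth result=fail user=admin
2025-06-01T10:00:04 src=10.0.5.20 event=auth result=fail user=admin
2025-06-01T10:00:09 src=10.0.5.20 event=auth result=fail user=admin
2025-06-01T10:00:15 src=10.0.5.20 event=auth result=ok user=admin
2025-06-01T10:00:21 src=10.0.5.20 event=at_cmd cmd=AT+MFIP
2025-06-01T11:30:00 src=192.168.1.10 event=auth result=ok user=admin
2025-06-01T11:30:05 src=192.168.1.10 event=at_cmd cmd=AT+MFIP
2025-06-01T12:00:00 src=203.0.113.7 event=at_cmd cmd=ATI
"""

TRUSTED_ADMIN_SOURCES = {"192.168.1.10"}  # assumed management hosts
FAIL_THRESHOLD = 3                        # assumed tuning values
WINDOW = timedelta(minutes=5)

def parse(line):
    """Split 'timestamp key=value ...' into a dict with a datetime under 'ts'."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs if "=" in p)
    fields["ts"] = datetime.fromisoformat(ts)
    return fields

def detect(log_text, trusted=TRUSTED_ADMIN_SOURCES):
    """Return (source, rule, command) alerts for the two indicators."""
    failures = defaultdict(deque)  # source -> timestamps of failed logins
    alerts = []
    for line in filter(str.strip, log_text.splitlines()):
        ev = parse(line)
        src, ts = ev["src"], ev["ts"]
        if ev.get("event") == "auth" and ev.get("result") == "fail":
            failures[src].append(ts)
        elif ev.get("event") == "at_cmd":
            recent = failures[src]
            while recent and ts - recent[0] > WINDOW:  # expire old failures
                recent.popleft()
            cmd = ev.get("cmd", "")
            if cmd.upper().startswith("AT+MFIP") and len(recent) >= FAIL_THRESHOLD:
                alerts.append((src, "failed-logins-then-AT+MFIP", cmd))
            if src not in trusted:
                alerts.append((src, "at-command-from-unexpected-source", cmd))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On the constructed sample, the trusted management host issuing AT+MFIP after a clean login produces no alert, while the other two sources are flagged.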