CVE-2025-35006

7.1 HIGH

📋 TL;DR

This vulnerability allows authenticated attackers to execute arbitrary commands on Microhard BulletLTE-NA2 and IPn4Gii-NA2 devices via command injection in the AT+MFPORTFWD command. Successful exploitation leads to privilege escalation, potentially giving attackers full control of affected devices. Organizations using these specific Microhard cellular routers are affected.

💻 Affected Systems

Products:
  • Microhard BulletLTE-NA2
  • Microhard IPn4Gii-NA2
Versions: All versions prior to patch (specific patch version unknown)
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the device's management interface. Affects devices using the vulnerable AT command implementation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete device compromise allowing attackers to reconfigure network settings, intercept traffic, establish persistence, and pivot to internal networks.

🟠 Likely Case: Local privilege escalation enabling attackers to modify device configurations, disable security features, or install backdoors.

🟢 If Mitigated: Limited impact if devices are properly segmented, have strong authentication controls, and command injection attempts are blocked.

🌐 Internet-Facing: MEDIUM - Devices exposed to the internet can be targeted, but exploitation requires valid credentials.
🏢 Internal Only: MEDIUM - Internal attackers who hold device credentials could exploit this to gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication, but the command injection is straightforward once authenticated. No public exploit code was identified at the time of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://support.microhardcorp.com/portal/en/kb/articles/ipn4gii-bullet-lte-firmware

Restart Required: Yes

Instructions:

1. Monitor the vendor advisory for firmware updates.
2. Download the firmware from the Microhard support portal.
3. Follow the vendor's firmware update procedure.
4. Verify the update was applied successfully.

🔧 Temporary Workarounds

Restrict AT Command Access (applies to: all)

Limit access to the device management interface and AT commands to authorized administrators only.

Network Segmentation (applies to: all)

Isolate affected devices in separate network segments to limit potential lateral movement.

🧯 If You Can't Patch

  • Implement strict access controls to device management interfaces
  • Monitor for suspicious AT command usage and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Test whether the device's AT+MFPORTFWD command accepts arguments without validating them. Testing requires authenticated access.

Check Version:

ATI (check firmware version via AT command interface)

Verify Fix Applied:

Verify firmware version matches patched version from vendor advisory and test command injection no longer works.

📡 Detection & Monitoring

Log Indicators:

  • Unusual AT command sequences
  • Multiple failed authentication attempts followed by AT+MFPORTFWD usage
  • Privilege escalation attempts

Network Indicators:

  • Unusual outbound connections from affected devices
  • AT command traffic to unexpected destinations

SIEM Query:

Search for 'AT+MFPORTFWD' in device logs. Correlate with authentication logs: a successful login followed by AT+MFPORTFWD usage that shows command injection patterns (unexpected characters in the command arguments) is the sequence to alert on.
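The detection logic described above, as an added example that is not part of this advisory or of any Microhard tooling. The log format is constructed for illustration (Microhard's actual log format is not documented here, so the parsing regex is an assumption to adapt); the script flags AT+MFPORTFWD invocations whose arguments contain characters outside a conservative allowlist, and AT+MFPORTFWD usage that follows a burst of failed logins from the same user and source, which are the two log indicators listed in this section.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed syslog-like format. The real device
# log format is not on the page; adjust LINE_RE to match your devices' logs.
SAMPLE_LOGS = """\
2025-06-01T10:00:01Z mh-router auth: user=admin src=10.0.0.5 result=failure
2025-06-01T10:00:03Z mh-router auth: user=admin src=10.0.0.5 result=failure
2025-06-01T10:00:05Z mh-router auth: user=admin src=10.0.0.5 result=failure
2025-06-01T10:00:07Z mh-router auth: user=admin src=10.0.0.5 result=success
2025-06-01T10:00:12Z mh-router atcmd: user=admin src=10.0.0.5 cmd="AT+MFPORTFWD=1,8080,192.168.1.10,80"
2025-06-01T10:00:20Z mh-router atcmd: user=admin src=10.0.0.5 cmd="AT+MFPORTFWD=1,8080,192.168.1.10,80;echo injected"
2025-06-01T11:30:00Z mh-router auth: user=ops src=10.0.0.9 result=success
2025-06-01T11:30:04Z mh-router atcmd: user=ops src=10.0.0.9 cmd="ATI"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) \S+ (?P<kind>auth|atcmd): user=(?P<user>\S+) src=(?P<src>\S+) '
    r'(?:result=(?P<result>\S+)|cmd="(?P<cmd>[^"]*)")$'
)
# Legitimate AT+MFPORTFWD arguments are expected to be numbers, addresses and
# commas. Anything else (shell metacharacters, quotes, whitespace) is flagged.
SAFE_ARGS_RE = re.compile(r'^[A-Za-z0-9.,:_-]*$')
FAILED_LOGIN_THRESHOLD = 3          # failures before a later AT+MFPORTFWD is suspicious
WINDOW = timedelta(minutes=5)       # how far back to look for those failures


def parse(lines):
    """Parse the constructed log format into dicts with a datetime 'ts' field."""
    events = []
    for line in lines.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(ev)
    return events


def detect(lines):
    """Return alert strings for suspicious AT+MFPORTFWD activity in the logs."""
    alerts = []
    failures = {}  # (user, src) -> timestamps of failed logins
    for ev in parse(lines):
        key = (ev["user"], ev["src"])
        if ev["kind"] == "auth":
            if ev["result"] == "failure":
                failures.setdefault(key, []).append(ev["ts"])
            continue
        cmd = ev["cmd"]
        if not cmd.upper().startswith("AT+MFPORTFWD"):
            continue
        # Everything after the first '=' is the argument string.
        args = cmd.partition("=")[2]
        if not SAFE_ARGS_RE.match(args):
            alerts.append(f"{ev['ts'].isoformat()} {key}: unexpected characters "
                          f"in AT+MFPORTFWD arguments: {cmd!r}")
        recent = [t for t in failures.get(key, []) if ev["ts"] - t <= WINDOW]
        if len(recent) >= FAILED_LOGIN_THRESHOLD:
            alerts.append(f"{ev['ts'].isoformat()} {key}: AT+MFPORTFWD used after "
                          f"{len(recent)} failed logins within {WINDOW}")
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

The allowlist check is deliberately strict: a false positive on an unusual but legitimate argument costs an analyst a minute, whereas a metacharacter that reaches an unpatched device's command handler is the condition this CVE describes. Tune `SAFE_ARGS_RE` to the argument syntax your firmware actually documents rather than widening it blindly.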
