CVE-2025-35008

7.1 HIGH

📋 TL;DR

This vulnerability allows authenticated attackers to execute arbitrary commands on Microhard BulletLTE-NA2 and IPn4Gii-NA2 devices via the AT+MMNAME command, potentially leading to full system compromise. It affects organizations using these cellular routers/modems for industrial, IoT, or networking applications. Attackers need local access or existing credentials to exploit this issue.

💻 Affected Systems

Products:
  • Microhard BulletLTE-NA2
  • Microhard IPn4Gii-NA2
Versions: All versions prior to patch (specific version information not provided in CVE)
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the device's AT command interface. Typically affects devices used in industrial control, transportation, and remote monitoring applications.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device takeover allowing attackers to install persistent backdoors, intercept network traffic, pivot to internal networks, or use the device as a foothold for further attacks.

🟠 Likely Case

Privilege escalation leading to unauthorized configuration changes, service disruption, or data exfiltration from connected systems.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent unauthorized users from accessing device management interfaces.

🌐 Internet-Facing: MEDIUM - Devices exposed to the internet could be exploited if management interfaces are accessible and credentials are compromised.
🏢 Internal Only: HIGH - Attackers with internal network access or compromised credentials can exploit this to gain elevated privileges on critical networking equipment.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication but is straightforward once access is obtained. The vulnerability is in the AT command parser, making exploitation relatively simple for attackers with command-line access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: https://support.microhardcorp.com/portal/en/kb/articles/ipn4gii-bullet-lte-firmware

Restart Required: Yes

Instructions:

  1. Check vendor advisory for firmware updates.
  2. Download latest firmware from Microhard support portal.
  3. Follow vendor's firmware update procedures.
  4. Verify update completion and restart device.

🔧 Temporary Workarounds

Restrict AT Command Access

Limit access to device management interfaces and AT command functionality to authorized administrators only.

Network Segmentation

Isolate affected devices in separate network segments with strict firewall rules preventing unauthorized access.

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized users from accessing device management interfaces
  • Monitor device logs for unusual AT command usage or configuration changes

🔍 How to Verify

Check if Vulnerable:

Check if device responds to AT+MMNAME commands with improper input validation. Requires authenticated access to device console.

Check Version:

ATI (check device information) or vendor-specific version command via serial/USB/network interface

Verify Fix Applied:

Verify firmware version matches patched version from vendor advisory and test that AT+MMNAME command properly sanitizes input.

📡 Detection & Monitoring

Log Indicators:

  • Unusual AT command sequences
  • Multiple failed authentication attempts followed by AT+MMNAME usage
  • Unexpected configuration changes

Network Indicators:

  • Unusual traffic patterns from device
  • Unexpected outbound connections
  • AT command traffic from unauthorized sources

SIEM Query:

source="microhard_device" AND (command="AT+MMNAME" OR command="AT*" AND status="success")
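
The log indicators above can also be checked offline. The following Python sketch is an added example, not vendor or advisory code: it flags AT commands from unauthorized sources, AT+MMNAME use after repeated failed logins, and AT+MMNAME arguments outside a conservative allowlist. The log line format, the addresses, the thresholds and the allowlist are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# All values below are assumptions for illustration; adapt to your environment.
AUTHORIZED_SOURCES = {"10.0.5.10"}   # hosts allowed to send AT commands
FAIL_THRESHOLD = 3                   # failed logins that make AT+MMNAME suspicious
WINDOW = timedelta(minutes=10)
SAFE_ARG = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")  # conservative allowlist, not the vendor's rule
LINE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) event=(?P<event>\w+) "
                  r"status=(?P<status>\w+)(?: command=(?P<cmd>.*))?$")

def detect(lines):
    """Return (timestamp, source, reason) alerts for the log indicators listed above."""
    alerts, failures = [], defaultdict(deque)  # failures: src -> recent failed-login times
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, src, cmd = datetime.fromisoformat(m["ts"]), m["src"], (m["cmd"] or "")
        if m["event"] == "auth":
            if m["status"] == "fail":
                failures[src].append(ts)
            continue
        if not cmd.upper().startswith("AT"):
            continue
        if src not in AUTHORIZED_SOURCES:
            alerts.append((m["ts"], src, "AT command from unauthorized source"))
        if cmd.upper().startswith("AT+MMNAME"):
            recent = failures[src]
            while recent and ts - recent[0] > WINDOW:  # drop failures older than the window
                recent.popleft()
            if len(recent) >= FAIL_THRESHOLD:
                alerts.append((m["ts"], src, "AT+MMNAME after repeated failed logins"))
            _, sep, arg = cmd.partition("=")
            if sep and not SAFE_ARG.match(arg):
                alerts.append((m["ts"], src, "AT+MMNAME argument outside allowlist"))
    return alerts

# Constructed sample log lines; the line format is hypothetical.
SAMPLE = [
    "2025-06-01T10:00:00 src=10.0.5.10 event=at status=success command=AT+MMNAME=unit07",
    "2025-06-01T10:01:00 src=10.0.5.23 event=auth status=fail",
    "2025-06-01T10:01:05 src=10.0.5.23 event=auth status=fail",
    "2025-06-01T10:01:10 src=10.0.5.23 event=auth status=fail",
    "2025-06-01T10:01:20 src=10.0.5.23 event=auth status=success",
    "2025-06-01T10:02:00 src=10.0.5.23 event=at status=success command=AT+MMNAME=unit 07 / spare",
    "2025-06-01T10:30:00 src=10.0.5.23 event=at status=success command=AT+MMNAME=unit08",
]
```

Calling `detect(SAMPLE)` returns four alerts, all for the unauthorized source; the last AT+MMNAME line triggers only the source check because the earlier failed logins have aged out of the window.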
