CVE-2025-35010

7.1 HIGH

📋 TL;DR

This vulnerability allows authenticated attackers to execute arbitrary commands on Microhard BulletLTE-NA2 and IPn4Gii-NA2 devices through improper input validation in the AT+MNPINGTM command. Attackers can escalate privileges and potentially gain full control of affected devices. Organizations using these specific Microhard cellular routers are at risk.

💻 Affected Systems

Products:
  • Microhard BulletLTE-NA2
  • Microhard IPn4Gii-NA2
Versions: All versions prior to patch
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authentication to exploit, but default credentials may be used if not changed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing attackers to reconfigure network settings, intercept traffic, establish persistence, and pivot to internal networks.

🟠 Likely Case

Privilege escalation leading to unauthorized administrative access, configuration changes, and potential data interception.

🟢 If Mitigated

Limited impact if devices are properly segmented, have strong authentication, and command injection attempts are blocked.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once credentials are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: https://support.microhardcorp.com/portal/en/kb/articles/ipn4gii-bullet-lte-firmware

Restart Required: Yes

Instructions:

1. Monitor vendor advisory for patch release.
2. Download firmware update from Microhard support portal.
3. Apply update following vendor instructions.
4. Reboot device.

🔧 Temporary Workarounds

Restrict AT command access

all

Limit access to AT command interface to trusted management networks only

Change default credentials

all

Ensure strong, unique passwords are set for all administrative accounts

🧯 If You Can't Patch

  • Network segmentation: Isolate affected devices in separate VLANs with strict firewall rules
  • Monitor for suspicious AT command usage and authentication attempts

🔍 How to Verify

Check if Vulnerable:

Check if device responds to AT+MNPINGTM command with improper input validation

Check Version:

ATI (check firmware version via serial/console)

Verify Fix Applied:

Test if command injection attempts are properly sanitized after update

📡 Detection & Monitoring

Log Indicators:

  • Unusual AT command sequences
  • Multiple failed authentication attempts followed by AT+MNPINGTM usage
  • Privilege escalation attempts

Network Indicators:

  • Unexpected serial/console traffic to devices
  • AT command usage from unauthorized sources

SIEM Query:

source="device_logs" AND (command="AT+MNPINGTM" OR (command="AT+" AND contains(arguments, ";")))
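
The log indicators and query above, worked through as an added example (not part of this advisory or of any vendor tooling): it flags AT+MNPINGTM calls whose arguments contain shell metacharacters, and AT+MNPINGTM calls that follow repeated authentication failures from the same source. The log line format, field names, thresholds and the AT+MNPINGTM argument syntax are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. The log format and the AT+MNPINGTM argument
# syntax are assumptions, not taken from vendor documentation.
SAMPLE_LOG = """\
2025-06-01T10:00:01Z src=10.0.0.5 event=auth_fail user=admin
2025-06-01T10:00:03Z src=10.0.0.5 event=auth_fail user=admin
2025-06-01T10:00:06Z src=10.0.0.5 event=auth_fail user=admin
2025-06-01T10:00:09Z src=10.0.0.5 event=auth_ok user=admin
2025-06-01T10:00:20Z src=10.0.0.5 event=at_cmd cmd="AT+MNPINGTM=192.0.2.10;INJECTED"
2025-06-01T11:30:00Z src=10.0.0.9 event=at_cmd cmd="AT+MNPINGTM=192.0.2.10"
2025-06-01T11:31:00Z src=10.0.0.9 event=at_cmd cmd="ATI"
"""

LINE = re.compile(r'^(\S+) src=(\S+) event=(\w+)(?: cmd="([^"]*)")?')
META = re.compile(r'[;|&`$<>]')      # characters a ping argument never needs
FAIL_THRESHOLD = 3                   # assumed tuning value
WINDOW = timedelta(minutes=5)        # assumed correlation window

def detect(log_text):
    """Return (source, rule, command) alerts for AT+MNPINGTM activity."""
    fails = defaultdict(deque)       # source -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts_raw, src, event, cmd = m.groups()
        ts = datetime.strptime(ts_raw, "%Y-%m-%dT%H:%M:%SZ")
        if event == "auth_fail":
            fails[src].append(ts)
        elif event == "at_cmd" and cmd and cmd.upper().startswith("AT+MNPINGTM"):
            args = cmd.partition("=")[2]
            if META.search(args):
                alerts.append((src, "metachar_in_args", cmd))
            recent = fails[src]
            while recent and ts - recent[0] > WINDOW:
                recent.popleft()     # drop failures outside the window
            if len(recent) >= FAIL_THRESHOLD:
                alerts.append((src, "auth_failures_then_mnpingtm", cmd))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```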
