CVE-2025-35004 in IPn4Giiinfo

Summary

by MITRE • 06/09/2025

Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFIP command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 01/12/2026

The vulnerability identified as CVE-2025-35004 affects Microhard BulletLTE-NA2 and IPn4Gii-NA2 communication devices that are widely deployed in industrial and enterprise networking environments. These devices operate as cellular data routers and communication modules that facilitate network connectivity for various critical infrastructure applications. The vulnerability resides within the AT+MFIP command implementation which serves as a management interface for configuring network parameters and device settings. This command injection flaw represents a significant security weakness as it allows authenticated attackers to execute arbitrary commands on the affected devices with elevated privileges. The issue manifests as a post-authentication vulnerability, meaning that an attacker must first establish valid credentials to exploit the flaw, but once authenticated, they can leverage this weakness to gain unauthorized access to system resources and potentially escalate their privileges to administrative levels.

The technical root cause of this vulnerability aligns with CWE-88, which specifically addresses improper neutralization of argument delimiters in command execution contexts. This flaw occurs when the system fails to properly sanitize or escape user-supplied input before incorporating it into system commands. The AT+MFIP command processes input parameters that are directly passed to underlying operating system commands without adequate validation or sanitization, creating a pathway for attackers to inject malicious commands through carefully crafted parameter values. This type of injection vulnerability is particularly dangerous because it can bypass traditional security controls and directly leverage the device's command processing capabilities. The vulnerability's classification as CVSS 7.1 indicates a high severity level with local access requirements, low complexity, and significant impact on confidentiality and integrity, though it does not directly affect availability.

The operational impact of this vulnerability extends beyond simple privilege escalation to potentially compromise entire network infrastructures that rely on these devices for connectivity. Attackers could exploit this flaw to gain unauthorized access to network configurations, modify routing parameters, intercept communications, or even disable critical network services. In industrial environments where these devices support critical operations, such as smart grid management, transportation systems, or manufacturing processes, the potential consequences could be severe. The vulnerability's presence in devices that are often deployed in remote or unattended locations makes it particularly concerning, as it could enable persistent access to networks without detection. Organizations using these devices may face significant operational disruptions, data breaches, or regulatory compliance violations if this vulnerability is exploited successfully.

Mitigation strategies for CVE-2025-35004 should focus on immediate protective measures while awaiting official patches from Microhard. Network administrators should implement strict access controls and monitor for unusual authentication patterns or command execution attempts on affected devices. The principle of least privilege should be enforced by limiting administrative access to only essential personnel and implementing multi-factor authentication where possible. Network segmentation can help contain potential exploitation by isolating these devices from critical internal systems. Organizations should also consider implementing intrusion detection systems that can identify suspicious command injection patterns in network traffic. Regular security audits of device configurations and monitoring for unauthorized changes should be established as part of ongoing security operations. The vulnerability's status as an unpatched issue at the time of CVE publication emphasizes the importance of defensive measures such as network monitoring, access restrictions, and operational procedures that minimize the attack surface. Additionally, organizations should maintain detailed inventories of all affected devices and implement rapid response protocols for potential exploitation attempts, as the lack of general fixes makes proactive security measures critical for maintaining operational security.

Responsible

AHA

Reservation

04/15/2025

Disclosure

06/09/2025

Moderation

accepted

CPE

ready

EPSS

0.01012

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!