CVE-2025-35008 in IPn4Gii
Summary
by MITRE • 06/09/2025
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MMNAME command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 01/12/2026
The vulnerability identified as CVE-2025-35008 affects specialized telecommunications equipment manufactured by Microhard, specifically the BulletLTE-NA2 and IPn4Gii-NA2 models. These devices operate within critical infrastructure environments where secure communication is paramount, making them attractive targets for adversaries seeking to compromise network operations. The affected products are designed to provide wireless connectivity solutions for industrial and enterprise applications, often deployed in remote or challenging environments where physical access may be limited, thereby increasing the potential impact of remote exploitation.
The technical flaw resides within the AT+MMNAME command implementation, which processes user inputs without proper sanitization of argument delimiters. This command injection vulnerability allows an authenticated attacker to inject malicious commands that execute with the privileges of the affected service. The vulnerability maps directly to CWE-88, which specifically addresses improper neutralization of argument delimiters in command contexts. The flaw occurs when the system fails to properly escape or validate input parameters that are subsequently passed to underlying system commands, creating an environment where attackers can manipulate command execution flow through carefully crafted inputs.
The operational impact of this vulnerability extends beyond simple privilege escalation, as it enables attackers to gain unauthorized control over critical network infrastructure components. The CVSS score of 7.1 indicates a high-severity risk with local authentication requirements and no user interaction needed, suggesting that once an attacker gains access to valid credentials, they can immediately exploit this weakness. The affected devices operate in environments where network reliability and security are essential, making this vulnerability particularly dangerous as it could lead to complete system compromise, data exfiltration, or disruption of critical communications services. The lack of a general fix at the time of CVE publication indicates that this vulnerability may persist across multiple firmware versions, requiring specific vendor patches or configuration workarounds.
Organizations deploying these Microhard devices should implement immediate mitigations including network segmentation to limit access to administrative interfaces, enforcing strong authentication mechanisms, and monitoring for unusual command execution patterns. The vulnerability demonstrates the critical importance of input validation in embedded systems and highlights the need for secure coding practices that prevent command injection attacks. Security teams should also consider implementing network traffic analysis to detect potential exploitation attempts and establish incident response procedures for handling such vulnerabilities. The ATT&CK framework would categorize this vulnerability under T1059.001 for command and script injection, with potential lateral movement opportunities once initial access is achieved. Given the industrial nature of these deployments, organizations should also consider the broader implications for operational technology security and implement comprehensive security controls that address both cybersecurity and physical security concerns.