
CVE-2025-35005: CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in Microhard IPn4Gii / Bullet-LTE Firmware

Severity: High
Published: Sun Jun 08 2025 (06/08/2025, 21:05:15 UTC)
Source: CVE Database V5
Vendor/Project: Microhard
Product: IPn4Gii / Bullet-LTE Firmware

Description

Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFMAC command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.

AI-Powered Analysis

Last updated: 07/09/2025, 11:42:31 UTC

Technical Analysis

CVE-2025-35005 is a high-severity vulnerability affecting Microhard's IPn4Gii-NA2 and BulletLTE-NA2 firmware products. The flaw is categorized under CWE-88, which involves improper neutralization of argument delimiters in commands, commonly referred to as argument injection. Specifically, this vulnerability resides in the handling of the AT+MFMAC command, which is used for device management or configuration. An authenticated attacker with low privileges can exploit this command injection flaw to escalate their privileges on the device. The vulnerability allows injection of malicious arguments into the command, leading to unauthorized execution of commands with elevated privileges. The CVSS 3.1 score is 7.1, reflecting high impact on confidentiality and integrity, with no impact on availability. The attack vector is local (AV:L), requiring the attacker to have some level of access (PR:L) but no user interaction (UI:N). The vulnerability is unpatched as of the initial disclosure date (June 8, 2025), and no known exploits have been reported in the wild yet. Given the nature of the devices—industrial-grade LTE routers and modems used for critical communications in remote or industrial environments—this vulnerability poses a significant risk if exploited, potentially allowing attackers to manipulate device configurations, intercept or alter network traffic, or pivot into internal networks.

Potential Impact

For European organizations, particularly those in sectors relying on industrial IoT, critical infrastructure, or remote communications (such as utilities, transportation, manufacturing, and energy), this vulnerability could have serious consequences. Exploitation could lead to unauthorized access to sensitive network segments, data exfiltration, or disruption of communications. The ability to escalate privileges on these devices could enable attackers to bypass security controls, manipulate network traffic, or deploy further attacks within the organization's network. Given the increasing adoption of LTE-based industrial communication devices in Europe, the risk extends to operational technology environments where availability and integrity of communications are critical. The lack of a patch increases exposure, and the post-authentication requirement means insider threats or compromised credentials could facilitate exploitation. The confidentiality and integrity impacts are high, potentially leading to data breaches or sabotage of industrial processes.

Mitigation Recommendations

Organizations should immediately inventory their use of Microhard IPn4Gii-NA2 and BulletLTE-NA2 devices to identify affected firmware versions. Until a patch is available, strict access controls must be enforced to limit who can authenticate to these devices, including strong credential management and multi-factor authentication where possible. Network segmentation should isolate these devices from general IT networks and limit management access to trusted administrators only. Monitoring and logging of AT command usage should be enabled to detect anomalous or unauthorized command executions. If feasible, disable or restrict the use of the AT+MFMAC command or any remote management interfaces that allow command injection. Additionally, organizations should engage with Microhard or their vendors for updates on patch availability and apply firmware updates promptly once released. Incident response plans should be updated to include detection and mitigation strategies for exploitation attempts of this vulnerability.
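
The AT command monitoring recommended above, sketched as an added example (not code from Microhard or from the CVE record): a Python filter that flags AT+MFMAC invocations whose parameters contain argument delimiters or option-like tokens. The log line format, the sample entries and the parameter allowlist are assumptions constructed for illustration; the command's real parameter syntax is not given on this page.

```python
import re

# Log format is constructed for this example (not Microhard's):
#   <timestamp> <source-ip> user=<name> cmd=<raw AT command line>
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) user=(?P<user>\S+) cmd=(?P<cmd>.*)$")
AT_RE = re.compile(r"^AT\+(?P<name>[A-Z0-9]+)(?P<rest>.*)$", re.IGNORECASE)
WATCHED = {"MFMAC"}  # the command named in CVE-2025-35005
# Assumed allowlist for one parameter value; replace with the vendor's documented syntax.
SAFE_PARAM = re.compile(r"[A-Za-z0-9:._]*")

def check_args(args):
    """Return the reasons a raw argument string looks like argument injection (CWE-88)."""
    reasons = set()
    for param in args.split(","):
        quoted = len(param) >= 2 and param[0] == param[-1] == '"'
        value = param[1:-1] if quoted else param
        if re.search(r"\s", value):
            reasons.add("whitespace delimiter inside a parameter")
        if any(tok.startswith("-") for tok in value.split()):
            reasons.add("option-like token")
        if not SAFE_PARAM.fullmatch(value):
            reasons.add("character outside allowlist")
    return sorted(reasons)

def scan(lines):
    """Return one finding per watched AT command that carries suspicious arguments."""
    findings = []
    for line in lines:
        rec = LINE_RE.match(line.rstrip("\r\n"))
        at = AT_RE.match(rec["cmd"]) if rec else None
        if not at or at["name"].upper() not in WATCHED:
            continue
        rest = at["rest"]
        if rest in ("", "?", "=?"):  # bare, read and test forms carry no parameters
            continue
        reasons = check_args(rest[1:] if rest.startswith("=") else rest)
        if reasons:
            findings.append({"ts": rec["ts"], "src": rec["src"],
                             "user": rec["user"], "reasons": reasons})
    return findings

# Constructed sample entries; parameter values are placeholders, not real syntax.
SAMPLE_LOG = [
    "2025-06-09T10:00:01Z 192.0.2.10 user=operator cmd=AT+MFMAC=1,00:11:22:33:44:55",
    "2025-06-09T10:00:07Z 192.0.2.10 user=operator cmd=AT+CSQ",
    "2025-06-09T10:02:13Z 192.0.2.44 user=guest cmd=AT+MFMAC=1,00:11:22:33:44:55 -x",
    "2025-06-09T10:02:20Z 192.0.2.44 user=guest cmd=AT+MFMAC=-x",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Because the check is an allowlist, it errs toward alerting: tighten `SAFE_PARAM` to the documented parameter grammar before routing the output to an alert queue.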


Technical Details

Data Version: 5.1
Assigner Short Name: AHA
Date Reserved: 2025-04-15T20:40:30.571Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6846c60e7b622a9fdf1e793b

Added to database: 6/9/2025, 11:31:26 AM

Last enriched: 7/9/2025, 11:42:31 AM

Last updated: 8/3/2025, 8:21:33 AM
