CVE-2025-35005: CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in Microhard IPn4Gii / Bullet-LTE Firmware
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFMAC command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.
AI Analysis
Technical Summary
CVE-2025-35005 is a high-severity vulnerability affecting Microhard's IPn4Gii-NA2 and BulletLTE-NA2 firmware products. The flaw is categorized under CWE-88, improper neutralization of argument delimiters in a command, commonly referred to as argument injection. Specifically, the vulnerability resides in the handling of the AT+MFMAC command, which is used for device management or configuration. An authenticated attacker with low privileges can exploit this command injection flaw to escalate their privileges on the device: injected arguments lead to unauthorized execution of commands with elevated privileges. The CVSS 3.1 score is 7.1, reflecting high impact on confidentiality and integrity, with no impact on availability. The attack vector is local (AV:L), and exploitation requires low privileges (PR:L) but no user interaction (UI:N). The vulnerability is unpatched as of the initial disclosure date (June 8, 2025), and no known exploits have been reported in the wild yet. Because these devices are industrial-grade LTE routers and modems used for critical communications in remote or industrial environments, the vulnerability poses a significant risk if exploited, potentially allowing attackers to manipulate device configurations, intercept or alter network traffic, or pivot into internal networks.
Potential Impact
For European organizations, particularly those in sectors relying on industrial IoT, critical infrastructure, or remote communications (such as utilities, transportation, manufacturing, and energy), this vulnerability could have serious consequences. Exploitation could lead to unauthorized access to sensitive network segments, data exfiltration, or disruption of communications. The ability to escalate privileges on these devices could enable attackers to bypass security controls, manipulate network traffic, or deploy further attacks within the organization's network. Given the increasing adoption of LTE-based industrial communication devices in Europe, the risk extends to operational technology environments where availability and integrity of communications are critical. The lack of a patch increases exposure, and the post-authentication requirement means insider threats or compromised credentials could facilitate exploitation. The confidentiality and integrity impacts are high, potentially leading to data breaches or sabotage of industrial processes.
Mitigation Recommendations
Organizations should immediately inventory their use of Microhard IPn4Gii-NA2 and BulletLTE-NA2 devices to identify affected firmware versions. Until a patch is available, strict access controls must be enforced to limit who can authenticate to these devices, including strong credential management and multi-factor authentication where possible. Network segmentation should isolate these devices from general IT networks and limit management access to trusted administrators only. Monitoring and logging of AT command usage should be enabled to detect anomalous or unauthorized command executions. If feasible, disable or restrict the use of the AT+MFMAC command or any remote management interfaces that allow command injection. Additionally, organizations should engage with Microhard or their vendors for updates on patch availability and apply firmware updates promptly once released. Incident response plans should be updated to include detection and mitigation strategies for exploitation attempts of this vulnerability.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden, Belgium, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: AHA
- Date Reserved: 2025-04-15T20:40:30.571Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6846c60e7b622a9fdf1e793b
Added to database: 6/9/2025, 11:31:26 AM
Last enriched: 7/9/2025, 11:42:31 AM
Last updated: 11/22/2025, 6:04:54 PM