CVE-2025-35006 is a high-severity vulnerability affecting Microhard's IPn4Gii and Bullet-LTE firmware products, specifically those incorporating the BulletLTE-NA2 and IPn4Gii-NA2 modules. The vulnerability is classified under CWE-88, which involves improper neutralization of argument delimiters in commands, commonly known as argument injection. This flaw exists in the handling of the AT+MFPORTFWD command, which is used for port forwarding configuration. An authenticated user with limited privileges can exploit this vulnerability by injecting malicious command arguments through the AT+MFPORTFWD interface. This injection can lead to privilege escalation, allowing the attacker to gain higher-level access than originally permitted. The CVSS v3.1 base score is 7.1, indicating a high severity level. The vector details (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) specify that the attack requires local access (AV:L), low attack complexity (AC:L), low privileges (PR:L), no user interaction (UI:N), unchanged scope (S:U), and results in high confidentiality and integrity impact (C:H/I:H) but no impact on availability (A:N). At the time of publication, no patches or fixes have been released, and no known exploits have been observed in the wild. The vulnerability poses a significant risk in environments where these devices are deployed, especially since the affected command is related to network configuration, potentially allowing attackers to manipulate network traffic or device behavior after privilege escalation.

For European organizations, the impact of this vulnerability can be substantial, particularly for those relying on Microhard IPn4Gii and Bullet-LTE modules in critical communication infrastructure. These devices are often used in industrial IoT, remote telemetry, and private LTE networks, which are common in sectors such as manufacturing, utilities, transportation, and emergency services. Exploitation could allow attackers to escalate privileges and alter network forwarding rules, potentially intercepting, redirecting, or disrupting sensitive communications. This could lead to data breaches compromising confidentiality, manipulation of operational data affecting integrity, and indirect operational disruptions. Given the vulnerability requires local access and authentication, insider threats or attackers who have gained initial footholds in the network could leverage this flaw to deepen their control. The lack of a patch increases the window of exposure. Additionally, the high confidentiality and integrity impact ratings suggest that sensitive data and system configurations are at risk, which could have regulatory and compliance implications under GDPR and other European cybersecurity frameworks.

Since no official patches are available, European organizations should implement compensating controls to mitigate risk. These include: 1) Restricting access to the management interfaces of affected devices strictly to trusted personnel and networks, using network segmentation and strong access control lists (ACLs). 2) Enforcing multi-factor authentication (MFA) for device management to reduce the risk of credential compromise. 3) Monitoring and logging all AT command usage, especially AT+MFPORTFWD commands, to detect anomalous or unauthorized activity. 4) Applying strict input validation and command filtering at network gateways or proxy devices if possible, to prevent injection attempts. 5) Conducting regular audits of device configurations and privilege assignments to minimize the number of users with elevated privileges. 6) Preparing incident response plans specifically addressing potential exploitation scenarios. 7) Engaging with the vendor for updates and patches, and planning for timely deployment once available. 8) Considering device replacement or firmware upgrades if the risk cannot be adequately mitigated in critical environments.