
CVE-2025-35006: CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in Microhard IPn4Gii / Bullet-LTE Firmware

Severity: High
Type: Vulnerability
Tags: CVE-2025-35006, cve, cve-2025-35006, cwe-88
Published: Sun Jun 08 2025 (06/08/2025, 21:05:25 UTC)
Source: CVE Database V5
Vendor/Project: Microhard
Product: IPn4Gii / Bullet-LTE Firmware

Description

Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFPORTFWD command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.

AI-Powered Analysis

Last updated: 07/09/2025, 11:42:47 UTC

Technical Analysis

CVE-2025-35006 is a high-severity vulnerability affecting Microhard's IPn4Gii and Bullet-LTE firmware products, specifically those incorporating the BulletLTE-NA2 and IPn4Gii-NA2 modules. The vulnerability is classified under CWE-88, which involves improper neutralization of argument delimiters in commands, commonly known as argument injection. This flaw exists in the handling of the AT+MFPORTFWD command, which is used for port forwarding configuration. An authenticated user with limited privileges can exploit this vulnerability by injecting malicious command arguments through the AT+MFPORTFWD interface. This injection can lead to privilege escalation, allowing the attacker to gain higher-level access than originally permitted. The CVSS v3.1 base score is 7.1, indicating a high severity level. The vector details (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) specify that the attack requires local access (AV:L), low attack complexity (AC:L), low privileges (PR:L), no user interaction (UI:N), unchanged scope (S:U), and results in high confidentiality and integrity impact (C:H/I:H) but no impact on availability (A:N). At the time of publication, no patches or fixes have been released, and no known exploits have been observed in the wild. The vulnerability poses a significant risk in environments where these devices are deployed, especially since the affected command is related to network configuration, potentially allowing attackers to manipulate network traffic or device behavior after privilege escalation.

Potential Impact

For European organizations, the impact of this vulnerability can be substantial, particularly for those relying on Microhard IPn4Gii and Bullet-LTE modules in critical communication infrastructure. These devices are often used in industrial IoT, remote telemetry, and private LTE networks, which are common in sectors such as manufacturing, utilities, transportation, and emergency services. Exploitation could allow attackers to escalate privileges and alter network forwarding rules, potentially intercepting, redirecting, or disrupting sensitive communications. This could lead to data breaches compromising confidentiality, manipulation of operational data affecting integrity, and indirect operational disruptions. Given the vulnerability requires local access and authentication, insider threats or attackers who have gained initial footholds in the network could leverage this flaw to deepen their control. The lack of a patch increases the window of exposure. Additionally, the high confidentiality and integrity impact ratings suggest that sensitive data and system configurations are at risk, which could have regulatory and compliance implications under GDPR and other European cybersecurity frameworks.

Mitigation Recommendations

Since no official patches are available, European organizations should implement compensating controls to mitigate risk. These include:

1) Restricting access to the management interfaces of affected devices strictly to trusted personnel and networks, using network segmentation and strong access control lists (ACLs).
2) Enforcing multi-factor authentication (MFA) for device management to reduce the risk of credential compromise.
3) Monitoring and logging all AT command usage, especially AT+MFPORTFWD commands, to detect anomalous or unauthorized activity.
4) Applying strict input validation and command filtering at network gateways or proxy devices if possible, to prevent injection attempts.
5) Conducting regular audits of device configurations and privilege assignments to minimize the number of users with elevated privileges.
6) Preparing incident response plans specifically addressing potential exploitation scenarios.
7) Engaging with the vendor for updates and patches, and planning for timely deployment once available.
8) Considering device replacement or firmware upgrades if the risk cannot be adequately mitigated in critical environments.
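One way to approach the AT+MFPORTFWD monitoring and input-validation recommendations above, as an added example that is not vendor code or part of the original record: a log check that flags AT+MFPORTFWD invocations whose comma-separated arguments fall outside a conservative allowlist or begin with an option-style dash. The log line layout, the allowlist, and the sample argument values are assumptions constructed for illustration; the record does not document the real parameter format of the command.

```python
import re

# Assumption: legitimate port-forward values (names, protocols, ports, IPs)
# fit this character set. The real AT+MFPORTFWD parameter format is not
# documented on this page, so tune the allowlist to the deployed firmware.
SAFE_ARG = re.compile(r"[A-Za-z0-9.:_]{1,64}")
AT_CMD = re.compile(r"\b(AT\+[A-Z0-9]+)(?:=(.*))?$", re.IGNORECASE)
WATCHED = {"AT+MFPORTFWD"}

# Constructed sample log lines (hypothetical format: timestamp user=... cmd=...).
SAMPLE_LOG = [
    "2025-01-01T10:00:00Z user=operator cmd=AT+MFPORTFWD=web,tcp,8080,192.168.1.10",
    "2025-01-01T10:01:00Z user=operator cmd=AT+MFPORTFWD=web -x,tcp,8080,192.168.1.10",
    "2025-01-01T10:02:00Z user=operator cmd=AT+MFPORTFWD=-x,tcp,8080,192.168.1.10",
    "2025-01-01T10:03:00Z user=operator cmd=AT+CSQ",
]


def check_line(line):
    """Return a list of reasons this log line is suspicious (empty if none)."""
    m = AT_CMD.search(line.rstrip("\r\n"))
    if not m or m.group(1).upper() not in WATCHED:
        return []
    raw = m.group(2)
    if raw is None:
        return []  # command logged without arguments, nothing to inspect
    reasons = []
    for i, arg in enumerate(raw.split(","), start=1):
        if arg.startswith("-"):
            # CWE-88: a value that looks like an option to a downstream program
            reasons.append(f"arg {i}: leading '-' (option-style value)")
        elif not SAFE_ARG.fullmatch(arg):
            # whitespace, quotes, empty values, or other delimiters
            reasons.append(f"arg {i}: characters outside allowlist: {arg!r}")
    return reasons


def scan(lines):
    """Return (line_number, reasons) for every flagged line."""
    return [(n, r) for n, line in enumerate(lines, 1) if (r := check_line(line))]


if __name__ == "__main__":
    for n, reasons in scan(SAMPLE_LOG):
        print(n, "; ".join(reasons))
```

The same `check_line` logic can sit in a proxy in front of the management interface to reject a command before it reaches the device, rather than only alerting after the fact.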


Technical Details

Data Version: 5.1
Assigner Short Name: AHA
Date Reserved: 2025-04-15T20:40:30.571Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6846c60e7b622a9fdf1e793d

Added to database: 6/9/2025, 11:31:26 AM

Last enriched: 7/9/2025, 11:42:47 AM

Last updated: 8/12/2025, 1:03:48 PM
