CVE-2025-35008: CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in Microhard IPn4Gii / Bullet-LTE Firmware

Severity: High
Tags: vulnerability, cve-2025-35008, cwe-88
Published: Sun Jun 08 2025 (06/08/2025, 21:05:52 UTC)
Source: CVE Database V5
Vendor/Project: Microhard
Product: IPn4Gii / Bullet-LTE Firmware

Description

Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MMNAME command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.

AI-Powered Analysis

Last updated: 07/09/2025, 11:54:43 UTC

Technical Analysis

CVE-2025-35008 is a high-severity vulnerability affecting Microhard's IPn4Gii and Bullet-LTE firmware products, specifically those incorporating the BulletLTE-NA2 and IPn4Gii-NA2 modules. The vulnerability is classified under CWE-88, improper neutralization of argument delimiters in a command, commonly known as argument injection. The flaw lies in the handling of the AT+MMNAME command, which is used for device configuration or querying. An authenticated attacker with at least limited privileges can exploit it by injecting malicious command arguments through the AT+MMNAME interface, which can lead to privilege escalation and the execution of arbitrary commands with elevated privileges on the device. The CVSS 3.1 base score of 7.1 reflects the high impact on confidentiality and integrity; the attack vector is local (AV:L), attack complexity is low (AC:L), some privileges are required (PR:L), no user interaction is needed (UI:N), the scope is unchanged (S:U), and availability is not affected (A:N). At the time of the CVE publication, no official patches or fixes had been released, which increases the risk for affected users. The vulnerability is particularly critical because these devices are often used in industrial, critical-infrastructure, and remote-communication scenarios where secure and reliable connectivity is essential. Exploitation could allow attackers to gain unauthorized control, potentially leading to data exfiltration, manipulation of device behavior, or further network compromise.

Potential Impact

For European organizations, the impact of this vulnerability can be substantial, especially for sectors relying on Microhard IPn4Gii and Bullet-LTE devices for critical communications, such as utilities, transportation, manufacturing, and emergency services. Successful exploitation could lead to unauthorized access and control over network communication devices, undermining confidentiality and integrity of transmitted data. This could disrupt operational technology (OT) environments and critical infrastructure, causing operational delays or failures. Additionally, attackers could leverage the elevated privileges to pivot within networks, increasing the risk of broader compromise. Given the local attack vector and requirement for some privileges, insider threats or attackers who have gained initial footholds could exploit this vulnerability to escalate privileges and deepen their access. The lack of available patches further exacerbates the risk, as organizations must rely on compensating controls. The confidentiality impact is high, as sensitive configuration or operational data could be exposed or altered. Integrity is also highly impacted since command injection can modify device behavior. Availability is not directly affected, but indirect effects on service continuity cannot be ruled out if the device is misconfigured or disabled by an attacker.

Mitigation Recommendations

1. Restrict access to the management interfaces of Microhard IPn4Gii and Bullet-LTE devices to trusted personnel only, using network segmentation and strict access control lists (ACLs).
2. Implement strong authentication mechanisms and monitor for unusual authentication attempts or privilege escalations on these devices.
3. Employ network-level protections such as firewall rules to limit access to the AT command interface, especially from untrusted or external networks.
4. Regularly audit device configurations and logs to detect signs of command injection or unauthorized changes.
5. Until an official patch is released, consider deploying host-based intrusion detection systems (HIDS) or endpoint detection and response (EDR) tools capable of detecting anomalous command executions on these devices.
6. Engage with Microhard for updates and apply patches promptly once available.
7. Where feasible, replace vulnerable devices with alternatives that have a stronger security posture or have been patched.
8. Conduct security awareness training for administrators managing these devices to recognize and respond to potential exploitation attempts.
9. Use VPNs or secure tunnels for remote management to reduce exposure of management interfaces.
10. Implement strict logging and alerting on device management activities to enable rapid incident response.
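As an added illustration of what "argument delimiters" in the AT+MMNAME command mean in practice, and of the log audit in recommendation 4, the following example (not Microhard firmware code and not a tool from this database) applies a strict allowlist to the AT+MMNAME argument and scans constructed log lines for entries whose argument carries shell or argument delimiters. The allowlist, the log line format, and the sample entries are assumptions made for this example.

```python
import re

# Assumed allowlist for the example: a device name of 1..32 characters drawn from
# letters, digits, '_', '.', '-', not starting with '-' or '.'. Anything else, such as
# spaces, quotes, ';', '|', '&', '$', '`' or an option-style leading '-', is rejected.
MMNAME_ALLOWED = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}$")
# Characters that separate commands or arguments for a shell or an argv builder;
# used only to explain why a value was rejected.
DELIMITERS = set(" \t\n;|&$`'\"()<>")
AT_MMNAME = re.compile(r"^AT\+MMNAME(?:=(?P<arg>.*)|(?P<query>\?))?$", re.IGNORECASE)

# Constructed sample log lines (not from any real device). Assumed format:
# '<timestamp> <user> <raw AT command>'. Entries 3 and 4 are the ones to flag.
SAMPLE_LOG = [
    "2025-06-09T10:00:01Z admin AT+MMNAME?",
    "2025-06-09T10:00:05Z admin AT+MMNAME=site-42_gw",
    "2025-06-09T10:01:11Z operator AT+MMNAME=east gw",
    "2025-06-09T10:01:40Z operator AT+MMNAME=--name=gw",
]

def mmname_argument_is_safe(arg: str) -> bool:
    """True only when the argument matches the strict allowlist."""
    return MMNAME_ALLOWED.match(arg) is not None

def classify_at_line(line: str):
    """Return (kind, detail) with kind in 'query', 'set-ok', 'set-rejected', 'other'."""
    m = AT_MMNAME.match(line.strip())
    if not m:
        return ("other", "")
    if m.group("arg") is None:
        return ("query", "") if m.group("query") else ("other", "")
    arg = m.group("arg")
    if mmname_argument_is_safe(arg):
        return ("set-ok", arg)
    found = sorted(c for c in set(arg) if c in DELIMITERS)
    reason = f"delimiters {found!r}" if found else "disallowed characters or length"
    if arg.startswith("-"):
        reason += "; leading '-' (option-style argument)"
    return ("set-rejected", reason)

def scan_log(lines):
    """Return [(line_no, reason)] for entries whose AT+MMNAME argument was rejected."""
    findings = []
    for n, raw in enumerate(lines, 1):
        parts = raw.split(" ", 2)  # timestamp, user, rest-of-line (the AT command)
        cmd = parts[2] if len(parts) == 3 else raw
        kind, detail = classify_at_line(cmd)
        if kind == "set-rejected":
            findings.append((n, detail))
    return findings
```

The same allowlist check, applied before the argument is ever passed to a command builder, is the input-side counterpart of the log-side scan shown here.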


Technical Details

Data Version: 5.1
Assigner Short Name: AHA
Date Reserved: 2025-04-15T20:40:30.572Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6846c60e7b622a9fdf1e7941

Added to database: 6/9/2025, 11:31:26 AM

Last enriched: 7/9/2025, 11:54:43 AM

Last updated: 8/8/2025, 4:21:24 PM
