CVE-2025-35009

HIGH EPSS 59.4%
Published Jun 8, 20251y ago · Modified Jun 17, 20262w ago
7.1 CVSS 3.1
High
Find Similar
Published Jun 8, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNNETSP command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability None

Threat Intelligence

EPSS Exploit Probability
59.4% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-88

Affected Products 4

VendorProductVersionRange
microhardcorpipn4gii-na2_firmware* ≤1.2.0-r1132
microhardcorpipn4gii-na2*any
microhardcorpbulletlte-na2_firmware* ≤1.2.0-r1132
microhardcorpbulletlte-na2*any

References 4

  • support.microhardcorp.com https://support.microhardcorp.com/portal/en/kb/articles/ipn4gii-bullet-lte-firmware
    Permissions Required
  • takeonme.org https://takeonme.org/cves/cve-2025-35009/
    ExploitThird Party Advisory
  • microhardcorp.com https://www.microhardcorp.com/BulletLTE-NA2.php
    Product
  • microhardcorp.com https://www.microhardcorp.com/IPn4Gii-NA2.php
    Product

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.