CVE-2018-25144

Name of the Vulnerable Software and Affected Versions Microhard Systems IPn4G version 1.1.0

Description The software contains an authentication bypass that allows authorized attackers to read, modify, or delete arbitrary files. The issue resides in the hidden system-editor.sh script. Attackers can exploit unsanitized parameters to perform unauthorized file system modifications through GET and POST requests. The vulnerable parameters include path, savefile, edit, and delfile.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.