Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Microhard Bullet-LTE and IPn4Gii AT+MFIP Argument Injection
Vulnerability Description
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFIP command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
参数注入或修改
Vulnerability Title
Microhard BulletLTE‑NA2和Microhard IPn4Gii-NA2 安全漏洞
Vulnerability Description
Microhard BulletLTE‑NA2和Microhard IPn4Gii-NA2都是加拿大Microhard公司的一款网关设备。 Microhard BulletLTE‑NA2和Microhard IPn4Gii-NA2存在安全漏洞,该漏洞源于AT+MFIP命令存在认证后命令注入,可能导致权限提升。
CVSS Information
N/A
Vulnerability Type
N/A