Vulnerability Title: Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Arbitrary File Attacks Advisory ID: ZSL-2018-5485 Type: Local/Remote Impact: Local/Remote includes: - Privilege Escalation - Exposure of Sensitive Information - DOS - Security Bypass - Manipulation of Data Risk: 5/5 Release Date: 17.07.2018 Description: - A shell script vulnerability allows attackers to manipulate files on the system if inputs are unsanitized. Vendor: - Microhard Systems Inc. - http://www.microhardcorp.com Affected Versions: - IPn4G 1.1.0 build 1098 - IPn3Gb 2.2.0 build 2160 - IPn4Gb 1.1.6 build 1184-14 - ... Tested On: - httpd-ssl-1.0.0 and Linux 2.6.32.9 Vendor Status: - Vulnerability discovered on 13.03.2018 - Public security advisory released on 17.07.2018 PoC: - microhard_fd.txt Credits: - Vulnerability discovered by Gjoko Krstic - References: - cxsecurity.com - packetstormsecurity.com - exploit-db.com - exchange.xforce.ibmcloud.com Changelog: - 17.07.2018 - Initial release - 23.07.2018 - Added references Contact: - Zero Science Lab - Web: http://www.zeroscience.mk - e-mail: lab@zeroscience.mk