{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T16:12:34.696","vulnerabilities":[{"cve":{"id":"CVE-2025-35009","sourceIdentifier":"cve@takeonme.org","published":"2025-06-08T21:15:32.500","lastModified":"2026-01-12T16:55:01.207","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNNETSP command that can lead to privilege escalation. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),\" and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing."},{"lang":"es","value":"Los productos que incorporan Microhard BulletLTE-NA2 e IPn4Gii-NA2 son vulnerables a un problema de inyección de comandos posterior a la autenticación en el comando AT+MNNETSP, que puede provocar una escalada de privilegios. Se trata de una instancia de CWE-88, \"Neutralización incorrecta de delimitadores de argumentos en un comando ('Inyección de argumentos')\", y se estima como CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Este problema no se había solucionado en general al momento de la primera publicación de este registro CVE."}],"metrics":{"cvssMetricV31":[{"source":"cve@takeonme.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"cve@takeonme.org","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microhardcorp:ipn4gii-na2_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2.0-r1132","matchCriteriaId":"5B0A7633-8E29-4761-94D7-656C67A72FC6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:microhardcorp:ipn4gii-na2:-:*:*:*:*:*:*:*","matchCriteriaId":"9D8B1631-C059-48E8-BA76-BDCBD1087DCE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microhardcorp:bulletlte-na2_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2.0-r1132","matchCriteriaId":"09CD4AAD-FA35-4D4B-B7E9-C8A432C4DA44"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:microhardcorp:bulletlte-na2:-:*:*:*:*:*:*:*","matchCriteriaId":"66AD0782-1211-4965-91C9-3E0B990DB5DA"}]}]}],"references":[{"url":"https://support.microhardcorp.com/portal/en/kb/articles/ipn4gii-bullet-lte-firmware","source":"cve@takeonme.org","tags":["Permissions Required"]},{"url":"https://takeonme.org/cves/cve-2025-35009/","source":"cve@takeonme.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.microhardcorp.com/BulletLTE-NA2.php","source":"cve@takeonme.org","tags":["Product"]},{"url":"https://www.microhardcorp.com/IPn4Gii-NA2.php","source":"cve@takeonme.org","tags":["Product"]}]}}]}