HackTesting

CVE-2018-25149

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated users into loading a specially crafted page.

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab

References

https://www.exploit-db.com/exploits/45034
http://www.microhardcorp.com
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5478.php