Key Vulnerability Information

CVE Identifier: ZSL-2018-5484
Title: Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Configuration Download
Type: Local/Remote
Impact: Exposure of System Information, Privilege Escalation, Exposure of Sensitive Information, DoS, Security Bypass
Risk Level (4/5): 4/5
Release Date: 17.07.2018

Summary

The Microhard Systems 3G/4G cellular Ethernet and serial gateway configuration download vulnerability can be exploited by an authenticated attacker in certain circumstances. This enables the attacker to download system backup configuration files like and in multiple locations, leading to sensitive information disclosure and possible privilege escalation.

Affected Versions

IPn4G 1.1.0 build 1098
IPn3Gb 2.2.0 build 2160
IPn4Gb 1.1.0 build 1086
Bullet-3G 1.2.0 build 1032
Bullet-3G 1.2.0 build 1036
BulletPlus 1.3.0 build 1036
Dragon-LTE 1.1.0 build 1036

Vendor Status

13.03.2018: Vulnerability discovered and vendor contacted.
09.05.2018: No response from Microhard Systems.
10.05.2018: Vendor contacted again.
24.05.2018: No response from Microhard Systems.
25.05.2018: Vendor contacted again.
16.07.2018: No response from Microhard Systems.
17.07.2018: Public security advisory released.

Contact: lab@zeroscience.mk

References

1. https://www.exploit-db.com/exploit/45036/
2. https://packetstormsecurity.org/files/148573
3. https://exchange.xforce.ibmcloud.com/vulnerabilities/146623
4. https://cxsecurity.com/issue/WLB-2018070164