Microhard Systems IPn4G Cross-Site Request Forgery Vulnerability

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in Microhard Systems IPn4G version 1.1.0. This vulnerability allows attackers to perform administrative actions without user consent. By tricking authenticated users into loading a malicious web page, attackers can change admin passwords, add new users, and modify system settings.

Impact

Exploitation of this vulnerability allows for unauthorized administrative actions to be performed on the affected device.

Reproduction

To exploit this vulnerability, an attacker must craft a malicious web page that, when visited by an authenticated user, sends a POST request to the device's web interface with the appropriate administrative commands. This can include changing passwords, adding users, or modifying system settings. The absence of CSRF tokens in the web interface allows these actions to be performed without user consent.
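The missing control described above, as an added defensive example (not code from the vendor or from this advisory): a server-side check that rejects state-changing requests unless they carry a session-bound CSRF token and a same-site Origin or Referer. The function names, the csrf_token form field and the header dictionary layout are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: a random per-boot secret known only to the web server process.
SERVER_KEY = secrets.token_bytes(32)
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str) -> str:
    """Token to embed in every admin form; bound to the session by HMAC."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_valid(session_id: str, token: str) -> bool:
    nonce, sep, mac = (token or "").partition(".")
    if not sep:
        return False
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())


def origin_ok(headers: dict, host: str) -> bool:
    """Accept only requests whose Origin (or Referer fallback) is this host."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed: no provenance on a state-changing request
    return urlsplit(source).netloc == host


def allow_request(method, headers, host, session_id, form) -> bool:
    """Gate for the admin interface (hypothetical hook in the request path)."""
    if method.upper() not in STATE_CHANGING:
        return True
    return origin_ok(headers, host) and token_valid(
        session_id, form.get("csrf_token", ""))
```

A page on another site cannot read the token out of the device's forms, so a forged POST fails token_valid even though the browser attaches the victim's session cookie.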

Added: Dec 24, 2025, 8:41 PM
Updated: Dec 24, 2025, 9:43 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 7.7
remediation: 0.0
relevance: 1.7
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.