Multiple vulnerabilities in Phicomm Routers



Published: 2022-03-09
Risk: Medium
Patch available: No
Number of vulnerabilities: 6
CVE-ID: CVE-2022-25214, CVE-2022-25215, CVE-2022-25217, CVE-2022-25218, CVE-2022-25219, CVE-2022-25213
CWE-ID: CWE-284, CWE-321, CWE-158, CWE-798
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: K2, K3, K3C, K2 A7, K2G A1
Software category: Hardware solutions / Routers & switches, VoIP, GSM, etc
Vendor: PHICOMM

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Improper access control

EUVDB-ID: #VU61200

Risk: Medium

CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2022-25214

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the LocalClientList.asp interface. A remote attacker can bypass implemented security restrictions and obtain sensitive information concerning devices on the local area network, including IP and MAC addresses.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

K2: 22.5.9.163

K3: 21.5.37.246

K3C: 32.1.15.93 - 33.1.25.177

K2 A7: 22.6.506.28

K2G A1: 22.6.3.20

External links

http://www.tenable.com/security/research/tra-2022-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet where the device's web interface is reachable from the Internet, and from the local network otherwise.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the LocalClientList.asp interface of the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper access control

EUVDB-ID: #VU61201

Risk: Medium

CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2022-25215

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the LocalMACConfig.asp interface. A remote attacker can add client MAC addresses to, or remove them from, the list of banned hosts without authentication, cutting legitimate LAN clients off the network (denial of service) or unblocking hosts the administrator banned.
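Findings 1 and 2 are both unauthenticated access to a management endpoint, so the practical check is the same for each: request the page with no session and see whether the device answers with data or with a login challenge. The script below is an added example written for this bulletin, not Tenable's or Phicomm's code. The request shape (a plain GET with no parameters), the response layout and the sample responses are assumptions, so treat a "protected" verdict as a first pass rather than proof of a fix, and only point it at devices you are authorised to test.

```python
from __future__ import annotations
import re
import urllib.error
import urllib.request

# Endpoints named in the advisory. A plain GET with no parameters is an
# assumption for this example; the real handlers may expect POST data.
UNAUTH_ENDPOINTS = ("/LocalClientList.asp", "/LocalMACConfig.asp")

MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def extract_clients(body: str) -> list[tuple[str, str]]:
    """Pair the IPv4 and MAC addresses found in a client-list response.
    Matching is done per line so one client's IP is paired with its own MAC."""
    clients = []
    for line in body.splitlines():
        ips = IPV4_RE.findall(line)
        macs = MAC_RE.findall(line)
        if ips and macs:
            clients.append((ips[0], macs[0].lower()))
    return clients


def classify_response(status: int, body: str) -> str:
    """Decide whether an unauthenticated request exposed restricted data.
    'exposed'   : HTTP 200 carrying per-client LAN data (IP + MAC)
    'protected' : redirect / auth challenge, or a login page instead of data
    'unknown'   : anything else (404, empty 200, ...)"""
    if status in (301, 302, 303, 307, 401, 403):
        return "protected"
    if status == 200:
        if extract_clients(body):
            return "exposed"
        if re.search(r"<form[^>]*login|password", body, re.I):
            return "protected"
    return "unknown"


def probe(base_url: str, path: str, timeout: float = 5.0) -> tuple[int, str]:
    """One unauthenticated GET: no cookies, no Authorization header.
    urllib follows redirects itself, so a bounce to the login page comes
    back as a 200 whose body classify_response() recognises as a login form."""
    req = urllib.request.Request(base_url.rstrip("/") + path,
                                 headers={"User-Agent": "phicomm-auth-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


# Constructed sample responses (not captured from a real device): what an
# exposed LocalClientList.asp might return, and what a login page looks like.
SAMPLE_EXPOSED = """\
<html><body><table>
<tr><td>laptop</td><td>192.168.2.10</td><td>AA:BB:CC:DD:EE:01</td></tr>
<tr><td>phone</td><td>192.168.2.11</td><td>aa:bb:cc:dd:ee:02</td></tr>
</table></body></html>
"""
SAMPLE_LOGIN = '<html><body><form action="/login.asp">password</form></body></html>'

if __name__ == "__main__":
    import sys
    base = sys.argv[1] if len(sys.argv) > 1 else None   # e.g. http://192.168.2.1
    for path in UNAUTH_ENDPOINTS:
        if base:
            status, body = probe(base, path)
        else:  # offline demo on the constructed sample
            status, body = 200, SAMPLE_EXPOSED
        print(path, classify_response(status, body), extract_clients(body))
```

Run it with the router's base URL as the only argument; with no argument it classifies the constructed sample so the parsing logic can be exercised offline. An "exposed" verdict for LocalClientList.asp reproduces finding 1; for LocalMACConfig.asp a 200 without a login form still has to be confirmed by hand, since the write path in finding 2 needs a request body the advisory does not describe.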

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

K2: 22.5.9.163

K3: 21.5.37.246

K3C: 32.1.15.93 - 33.1.25.177

K2 A7: 22.6.506.28

K2G A1: 22.6.3.20

External links

http://www.tenable.com/security/research/tra-2022-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet where the device's web interface is reachable from the Internet, and from the local network otherwise.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the LocalMACConfig.asp interface of the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use of Hard-coded Cryptographic Key

EUVDB-ID: #VU61202

Risk: Medium

CVSSv3.1: 8.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2022-25217

CWE-ID: CWE-321 - Use of Hard-coded Cryptographic Key

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the telnetd_startup service uses a hard-coded cryptographic key pair, so the private key is the same on every device running the affected firmware. A remote attacker on the local network who holds that private key can obtain a root shell on the device over telnet.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

K2: 22.5.9.163

K3: 21.5.37.246

K3C: 32.1.15.93 - 33.1.25.177

K2 A7: 22.6.506.28

K2G A1: 22.6.3.20

External links

http://www.tenable.com/security/research/tra-2022-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send specially crafted messages to the telnetd_startup service of the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper access control

EUVDB-ID: #VU61204

Risk: Medium

CVSSv3.1: 8.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2022-25218

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the use of raw (textbook) RSA without OAEP or any other padding scheme in telnetd_startup. Because unpadded RSA is deterministic and malleable, a remote attacker on the local network can manipulate the successive stages of the telnetd_startup state machine and eventually obtain a root shell on the device.
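Findings 3 and 4 are two halves of one weakness in telnetd_startup: a key pair that ships in the firmware hands every attacker the private exponent, and even without it, raw RSA is deterministic and multiplicatively malleable, which is what lets the state machine be steered. The toy below is an added illustration for this bulletin, not code from the router or from Tenable's write-up. It uses a deliberately tiny key so the arithmetic is easy to follow, and a made-up 16-bit randomised pad stands in for OAEP to show why padding matters; neither is fit for real use.

```python
from __future__ import annotations
import secrets

# Toy RSA key from two small, well-known primes (assumption for this demo;
# a real key is 2048+ bits). N is just over 2**32.
P, Q = 65537, 65539
N = P * Q
E = 17
D = pow(E, -1, (P - 1) * (Q - 1))   # the "private" exponent


def rsa_raw(x: int, exp: int) -> int:
    """Textbook RSA: x**exp mod N with no padding at all."""
    return pow(x, exp, N)


def encrypt_unpadded(m: int) -> int:
    return rsa_raw(m, E)


def decrypt(c: int) -> int:
    return rsa_raw(c, D)


# Finding 3: a hard-coded private key. There is nothing to attack, the same
# D that ships in every firmware image simply decrypts the traffic.
def attacker_with_leaked_key(c: int) -> int:
    return decrypt(c)


# Finding 4, part one: no padding means ciphertexts are malleable. Without
# knowing D, Enc(m) becomes Enc(m*k mod N) by multiplying in Enc(k).
def multiply_ciphertext(c: int, k: int) -> int:
    return (c * encrypt_unpadded(k)) % N


# Finding 4, part two: no padding means encryption is deterministic, so a
# low-entropy plaintext is recovered by re-encrypting guesses with the
# public key and comparing against the observed ciphertext.
def recover_by_guessing(c: int, candidates) -> int | None:
    for guess in candidates:
        if encrypt_unpadded(guess) == c:
            return guess
    return None


# Contrast: a randomised pad. This is NOT OAEP or PKCS#1 v1.5, only the
# smallest construction that shows why randomness in the padding defeats
# both tricks above: 16 random bits above a 16-bit message. Real schemes
# use far more randomness and add integrity checks on unpadding.
PAD_BITS = 16


def encrypt_padded(m: int) -> int:
    if not 0 <= m < (1 << 16):
        raise ValueError("message must fit in 16 bits for this toy")
    r = secrets.randbelow((1 << PAD_BITS) - 1) + 1      # never zero
    return encrypt_unpadded((r << 16) | m)              # (r<<16)|m < 2**32 < N


def decrypt_padded(c: int) -> int:
    return decrypt(c) & 0xFFFF


if __name__ == "__main__":
    c = encrypt_unpadded(42)
    print("leaked key      :", attacker_with_leaked_key(c))            # 42
    print("malleated x3    :", decrypt(multiply_ciphertext(c, 3)))     # 126
    print("guessed         :", recover_by_guessing(c, range(256)))     # 42
    cp = encrypt_padded(42)
    print("padded, guessed :", recover_by_guessing(cp, range(256)))    # None
    print("padded, decrypt :", decrypt_padded(cp))                     # 42
```

The guess-and-check loop is the point to take away for a handshake like this one: any value the daemon encrypts or accepts unpadded that comes from a small space (a status byte, a short nonce, a fixed magic string) can be recognised or forged with the public key alone, and the multiplication trick lets an attacker shift a value the daemon decrypts without ever seeing the plaintext.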

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

K2: 22.5.9.163

K3: 21.5.37.246

K3C: 32.1.15.93 - 33.1.25.177

K2 A7: 22.6.506.28

K2G A1: 22.6.3.20

External links

http://www.tenable.com/security/research/tra-2022-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send specially crafted messages to the telnetd_startup service of the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper Neutralization of Null Byte or NUL Character

EUVDB-ID: #VU61206

Risk: Medium

CVSSv3.1: 7.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2022-25219

CWE-ID: CWE-158 - Improper Neutralization of Null Byte or NUL Character

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a NUL-byte handling error in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords. A remote attacker on the local network can send specially crafted UDP packets that make those ephemeral passwords predictable, and then use them to log in.
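The bulletin does not give the daemon's password construction, so the routine below is a hypothetical one that reproduces the CWE-158 pattern rather than Phicomm's code: a fixed buffer holds an attacker-supplied prefix followed by a server-random suffix, and is then read back as a C string. A NUL in the prefix silently drops the suffix, and with it all of the entropy. This is an added example for this bulletin; the 8+8 byte layout, the hex and SHA-256 derivations and the name attacker_controls are assumptions.

```python
from __future__ import annotations
import hashlib
import secrets


def c_string(buf: bytes) -> bytes:
    """What strlen()/strcpy()/'%s' see: the bytes up to the first NUL."""
    end = buf.find(b"\x00")
    return buf if end < 0 else buf[:end]


def vulnerable_ephemeral_password(client_challenge: bytes, server_random: bytes) -> str:
    """Hypothetical daemon-side derivation with the CWE-158 bug.
    Layout (assumed): 8 client bytes, then 8 server-random bytes, in one
    char[16] that is later copied with a string function."""
    buf = client_challenge[:8].ljust(8, b"\x00") + server_random[:8]
    # Treating the buffer as a C string: a NUL in the attacker-controlled
    # prefix discards everything after it, including the server's randomness.
    return c_string(buf).hex()


def hardened_ephemeral_password(client_challenge: bytes, server_random: bytes) -> str:
    """Length-delimited handling: every byte, NUL included, reaches the hash,
    so client input can never cut the server's randomness out of the result."""
    if len(client_challenge) != 8 or len(server_random) != 8:
        raise ValueError("fixed-length inputs required")
    digest = hashlib.sha256(client_challenge + server_random).hexdigest()
    return digest[:16]


def attacker_controls(derive, crafted: bytes, trials: int = 8) -> bool:
    """Probe a derivation: feed it one crafted client message with fresh
    server randomness each time. If every run yields the same password,
    the server's randomness no longer contributes and the attacker can
    predict the result."""
    outputs = {derive(crafted, secrets.token_bytes(8)) for _ in range(trials)}
    return len(outputs) == 1


if __name__ == "__main__":
    crafted = b"\x00" * 8                      # constructed attacker payload
    benign = b"ABCDEFGH"
    print("vulnerable, crafted :", repr(vulnerable_ephemeral_password(crafted, secrets.token_bytes(8))))
    print("vulnerable, 'A\\0..' :", vulnerable_ephemeral_password(b"A\x00BCDEFG", secrets.token_bytes(8)))
    print("attacker controls vulnerable/crafted:", attacker_controls(vulnerable_ephemeral_password, crafted))
    print("attacker controls vulnerable/benign :", attacker_controls(vulnerable_ephemeral_password, benign))
    print("attacker controls hardened/crafted  :", attacker_controls(hardened_ephemeral_password, crafted))
```

With a leading NUL the vulnerable derivation returns the empty string every time, and with "A\0..." it returns the attacker-chosen "41"; in both cases the telnet password is known before the daemon has generated it. The same attacker_controls probe is a useful harness for any secret-derivation routine that touches network input: if a crafted input makes the output stop varying across fresh randomness, the routine is leaking control to the client.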

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

K2: 22.5.9.163

K3: 21.5.37.246

K3C: 32.1.15.93 - 33.1.25.177

K2 A7: 22.6.506.28

K2G A1: 22.6.3.20

External links

http://www.tenable.com/security/research/tra-2022-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send specially crafted UDP packets to the telnetd_startup service of the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use of hard-coded credentials

EUVDB-ID: #VU61207

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2022-25213

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a local attacker to gain full access to vulnerable system.

The vulnerability exists due to an unprotected UART debug port combined with hard-coded credentials in /etc/passwd. An attacker with physical access can connect to the UART port and log in with those credentials to obtain a root shell on the device.
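A firmware image can be checked for this class of finding (CWE-798) without the hardware: unpack the root filesystem and inspect /etc/passwd and /etc/shadow for accounts that carry a real password hash or an empty password field, paying most attention to UID 0. The script below is an added example for this bulletin, not Tenable's tooling and not derived from a Phicomm image; the sample passwd and shadow lines are constructed for the demonstration.

```python
from __future__ import annotations
import sys


def parse_colon_file(text: str) -> dict[str, list[str]]:
    """Parse passwd/shadow-style lines into {username: fields}. Comments and
    malformed lines are skipped; later duplicates overwrite earlier ones,
    which is also how login tools resolve them, so that is worth noticing."""
    entries: dict[str, list[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        entries[fields[0]] = fields
    return entries


def is_locked(hash_field: str) -> bool:
    """'*', '!', '!!' and '!<hash>' all mean password login is disabled."""
    return hash_field.startswith("*") or hash_field.startswith("!")


def audit_hardcoded_credentials(passwd_text: str, shadow_text: str = "") -> list[tuple[str, str, str]]:
    """Return (user, uid, reason) for every account a console or telnet login
    could use: a fixed hash baked into the image, or no password at all."""
    passwd = parse_colon_file(passwd_text)
    shadow = parse_colon_file(shadow_text)
    findings = []
    for user, fields in passwd.items():
        hash_field = fields[1]
        uid = fields[2] if len(fields) > 2 else "?"
        source = "/etc/passwd"
        if hash_field == "x":                       # password lives in shadow
            if user not in shadow:
                findings.append((user, uid, "passwd points to /etc/shadow but no shadow entry exists"))
                continue
            hash_field = shadow[user][1]
            source = "/etc/shadow"
        if hash_field == "":
            findings.append((user, uid, f"empty password in {source}"))
        elif is_locked(hash_field):
            continue
        else:
            findings.append((user, uid, f"fixed password hash in {source}: {hash_field[:12]}..."))
    return findings


# Constructed sample files (not from a real image): one root account with a
# hash baked into passwd, one UID-0 alias with an empty shadow password,
# and two properly locked system accounts.
SAMPLE_PASSWD = """\
root:$1$AbCdEfGh$0123456789abcdefghijk:0:0:root:/root:/bin/sh
admin:x:0:0:admin:/:/bin/sh
nobody:*:65534:65534:nobody:/nonexistent:/bin/false
daemon:!:1:1::/:/bin/false
"""
SAMPLE_SHADOW = """\
admin::0:0:99999:7:::
"""

if __name__ == "__main__":
    if len(sys.argv) >= 2:          # usage: audit.py <unpacked-rootfs>
        root = sys.argv[1].rstrip("/")
        passwd_text = open(root + "/etc/passwd", encoding="utf-8", errors="replace").read()
        try:
            shadow_text = open(root + "/etc/shadow", encoding="utf-8", errors="replace").read()
        except FileNotFoundError:
            shadow_text = ""
    else:                           # offline demo on the constructed sample
        passwd_text, shadow_text = SAMPLE_PASSWD, SAMPLE_SHADOW
    for user, uid, reason in audit_hardcoded_credentials(passwd_text, shadow_text):
        flag = "ROOT " if uid == "0" else "     "
        print(f"{flag}{user:<12} uid={uid:<6} {reason}")
```

A hash reported here is only the first step: whether it is a finding on the scale of the one above depends on whether the credential is the same across all units (it is, when it is baked into the image rather than generated on first boot) and on which interfaces accept it, which for this device includes the UART console.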

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

K2: 22.5.9.163

K3: 21.5.37.246

K3C: 32.1.15.93 - 33.1.25.177

K2 A7: 22.6.506.28

K2G A1: 22.6.3.20

External links

http://www.tenable.com/security/research/tra-2022-01


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

How can the attacker exploit this vulnerability?

The attacker would have to open the device, connect to the unprotected UART port and log in with the hard-coded credentials from /etc/passwd in order to obtain a root shell.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


