Vulnerabilities > CVE-2022-25215 - Unspecified vulnerability in Phicomm products

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

phicomm

NVD

Published: 2022-03-10

Updated: 2023-08-08

Summary

Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself.

Vulnerable Configurations

Part	Description	Count
OS	Phicomm Phicomm K2 Firmware - Phicomm K2 Firmware 22.5.9.163 Phicomm K3 Firmware - Phicomm K3 Firmware 21.5.37.246 Phicomm K3C Firmware - Phicomm K3C Firmware 32.1.15.93 Phicomm K2G Firmware - Phicomm K2G Firmware 22.6.3.20 Phicomm K2P Firmware - Phicomm K2P Firmware 20.4.1.7	10
Hardware	Phicomm Phicomm K2 - Phicomm K3 - Phicomm K3C - Phicomm K2G - Phicomm K2P -	5

References

https://www.tenable.com/security/research/tra-2022-01