Vulnerabilities > Phicomm > K2 Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-08-25 CVE-2023-40796 Command Injection vulnerability in Phicomm K2 Firmware 22.6.529.216
Phicomm k2 v22.6.529.216 was discovered to contain a command injection vulnerability via the function luci.sys.call.
local
low complexity
phicomm CWE-77
7.8
2023-01-27 CVE-2022-48070 OS Command Injection vulnerability in Phicomm K2 Firmware 22.6.534.263
Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.
local
low complexity
phicomm CWE-78
7.8
2023-01-27 CVE-2022-48071 Cleartext Storage of Sensitive Information vulnerability in Phicomm K2 Firmware 22.6.534.263
Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext.
network
low complexity
phicomm CWE-312
7.5
2023-01-27 CVE-2022-48072 OS Command Injection vulnerability in Phicomm K2 Firmware 22.6.3.20
Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.
local
low complexity
phicomm CWE-78
7.8
2023-01-27 CVE-2022-48073 Cleartext Storage of Sensitive Information vulnerability in Phicomm K2 Firmware 22.6.534.263
Phicomm K2G v22.6.3.20 was discovered to store the root and admin passwords in plaintext.
network
low complexity
phicomm CWE-312
7.5
2022-03-10 CVE-2022-25213 Use of Hard-coded Credentials vulnerability in Phicomm products
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device.
low complexity
phicomm CWE-798
6.8
2022-03-10 CVE-2022-25214 Unspecified vulnerability in Phicomm products
Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses.
network
high complexity
phicomm
7.4
2022-03-10 CVE-2022-25215 Unspecified vulnerability in Phicomm products
Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts.
network
low complexity
phicomm
5.3
2022-03-10 CVE-2022-25217 Use of Hard-coded Credentials vulnerability in Phicomm K2 Firmware and K3C Firmware
Use of a hard-coded cryptographic key pair by the telnetd_startup service allows an attacker on the local area network to obtain a root shell on the device over telnet.
local
low complexity
phicomm CWE-798
7.2
2022-03-10 CVE-2022-25218 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Phicomm products
The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the "plaintext" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL's RSA_public_decrypt() function.
network
high complexity
phicomm CWE-327
8.1