Vulnerabilities > Phicomm > K2 Psg1218 Firmware

DATE CVE VULNERABILITY TITLE RISK
2019-11-18 CVE-2019-19117 OS Command Injection vulnerability in Phicomm K2(Psg1218) Firmware 22.5.9.163
/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter.
network
low complexity
phicomm CWE-78
critical
9.0
2017-07-20 CVE-2017-11495 Improper Input Validation vulnerability in Phicomm K2(Psg1218)-Firmware
PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action.
network
low complexity
phicomm CWE-20
critical
9.0