Vulnerabilities > Phicomm > K2 Psg1218 Firmware > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-18 | CVE-2019-19117 | OS Command Injection vulnerability in Phicomm K2(Psg1218) Firmware 22.5.9.163 /usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter. | 9.0 |
| 2017-07-20 | CVE-2017-11495 | Improper Input Validation vulnerability in Phicomm K2(Psg1218)-Firmware PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action. | 9.0 |