Vulnerabilities > Phicomm

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2022-25218 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Phicomm products
The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the "plaintext" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL's RSA_public_decrypt() function.
network
high complexity
phicomm CWE-327
8.1
2022-03-10 CVE-2022-25219 Unspecified vulnerability in Phicomm products
A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot.
local
low complexity
phicomm
8.4
2019-11-18 CVE-2019-19117 OS Command Injection vulnerability in Phicomm K2(Psg1218) Firmware 22.5.9.163
/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter.
network
low complexity
phicomm CWE-78
critical
9.0
2017-07-20 CVE-2017-11495 Improper Input Validation vulnerability in Phicomm K2(Psg1218)-Firmware
PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action.
network
low complexity
phicomm CWE-20
critical
9.0