Vulnerabilities > Phicomm > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-25 | CVE-2023-40796 | Command Injection vulnerability in Phicomm K2 Firmware 22.6.529.216 Phicomm k2 v22.6.529.216 was discovered to contain a command injection vulnerability via the function luci.sys.call. | 7.8 |
| 2023-01-27 | CVE-2022-48070 | OS Command Injection vulnerability in Phicomm K2 Firmware 22.6.534.263 Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function. | 7.8 |
| 2023-01-27 | CVE-2022-48071 | Cleartext Storage of Sensitive Information vulnerability in Phicomm K2 Firmware 22.6.534.263 Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext. | 7.5 |
| 2023-01-27 | CVE-2022-48072 | OS Command Injection vulnerability in Phicomm K2 Firmware 22.6.3.20 Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function. | 7.8 |
| 2023-01-27 | CVE-2022-48073 | Cleartext Storage of Sensitive Information vulnerability in Phicomm K2 Firmware 22.6.534.263 Phicomm K2G v22.6.3.20 was discovered to store the root and admin passwords in plaintext. | 7.5 |
| 2022-07-19 | CVE-2022-27373 | OS Command Injection vulnerability in Phicomm Fir303B Firmware Shanghai Feixun Data Communication Technology Co., Ltd router fir302b A2 was discovered to contain a remote command execution (RCE) vulnerability via the Ping function. | 8.8 |
| 2022-03-10 | CVE-2022-25214 | Unspecified vulnerability in Phicomm products Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. | 7.4 |
| 2022-03-10 | CVE-2022-25217 | Use of Hard-coded Credentials vulnerability in Phicomm K2 Firmware and K3C Firmware Use of a hard-coded cryptographic key pair by the telnetd_startup service allows an attacker on the local area network to obtain a root shell on the device over telnet. | 7.2 |
| 2022-03-10 | CVE-2022-25218 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Phicomm products The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the "plaintext" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL's RSA_public_decrypt() function. | 8.1 |
| 2022-03-10 | CVE-2022-25219 | Unspecified vulnerability in Phicomm products A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. | 8.4 |