Search criteria
15 vulnerabilities found for k3_firmware by phicomm
FKIE_CVE-2022-25218
Vulnerability from fkie_nvd - Published: 2022-03-10 17:47 - Updated: 2024-11-21 06:51
Severity ?
Summary
The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the "plaintext" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL's RSA_public_decrypt() function. This weakness allows the attacker to manipulate the various iterations of the telnetd startup state machine and eventually obtain a root shell on the device, by means of an exchange of crafted UDP packets. In all versions but K2 22.5.9.163 and K3C 32.1.15.93 a successful attack also requires the exploitation of a null-byte interaction error (CVE-2022-25219).
References
| URL | Tags | ||
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2022-01 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2022-01 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phicomm | k2_firmware | * | |
| phicomm | k2 | - | |
| phicomm | k3_firmware | * | |
| phicomm | k3 | - | |
| phicomm | k3c_firmware | * | |
| phicomm | k3c | - | |
| phicomm | k2g_firmware | * | |
| phicomm | k2g | - | |
| phicomm | k2p_firmware | * | |
| phicomm | k2p | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66980EB4-9FEC-451F-93F1-3E275CD6A462",
"versionEndIncluding": "22.5.9.163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26A205A0-3616-4CD9-A7B8-FEA63742ABE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6D3940-9C77-4A8C-AD55-6857491B43B5",
"versionEndIncluding": "21.5.37.246",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFD131E-E41A-44BD-81B5-A1A10E64D88B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k3c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3319332E-25E6-4148-9A57-15FCF51C0413",
"versionEndIncluding": "32.1.15.93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k3c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D47C172-F2F6-451F-8891-D150DBBA181C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4737564-B92D-408E-81EC-598B76EE347F",
"versionEndIncluding": "22.6.3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8AE809-CB81-4CEB-B383-0461E3885892",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k2p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE04942-4274-4A96-95E4-4838AAAC09A2",
"versionEndIncluding": "20.4.1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k2p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F80A65CA-B4F2-4912-B991-1D60869D5CB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the \"plaintext\" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL\u0027s RSA_public_decrypt() function. This weakness allows the attacker to manipulate the various iterations of the telnetd startup state machine and eventually obtain a root shell on the device, by means of an exchange of crafted UDP packets. In all versions but K2 22.5.9.163 and K3C 32.1.15.93 a successful attack also requires the exploitation of a null-byte interaction error (CVE-2022-25219)."
},
{
"lang": "es",
"value": "El uso del algoritmo RSA sin OAEP, o cualquier otro esquema de relleno, en telnetd_startup, permite a un atacante no autenticado en la red de \u00e1rea local lograr un grado significativo de control sobre \"texto plano\" al que un blob arbitrario de texto cifrado ser\u00e1 descifrado por la funci\u00f3n RSA_public_decrypt() de OpenSSL. Esta debilidad permite al atacante manipular las diversas iteraciones de la m\u00e1quina de estado de inicio de telnetd y eventualmente obtener un shell de root en el dispositivo, mediante un intercambio de paquetes UDP dise\u00f1ados. En todas las versiones excepto K2 22.5.9.163 y K3C 32.1.15.93 un ataque con \u00e9xito tambi\u00e9n requiere la explotaci\u00f3n de un error de interacci\u00f3n de byte nulo (CVE-2022-25219)"
}
],
"id": "CVE-2022-25218",
"lastModified": "2024-11-21T06:51:49.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-10T17:47:02.133",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-25219
Vulnerability from fkie_nvd - Published: 2022-03-10 17:47 - Updated: 2024-11-21 06:51
Severity ?
Summary
A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP packets, an unauthenticated attacker on the local network can leverage this null byte interaction error in such a way as to make those ephemeral passwords predictable (with 1-in-94 odds). Since the attacker must manipulate data processed by the OpenSSL function RSA_public_decrypt(), successful exploitation of this vulnerability depends on the use of an unpadded RSA cipher (CVE-2022-25218).
References
| URL | Tags | ||
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2022-01 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2022-01 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phicomm | k2_firmware | * | |
| phicomm | k2 | - | |
| phicomm | k3_firmware | * | |
| phicomm | k3 | - | |
| phicomm | k3c_firmware | * | |
| phicomm | k3c | - | |
| phicomm | k2g_firmware | * | |
| phicomm | k2g | - | |
| phicomm | k2p_firmware | * | |
| phicomm | k2p | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66980EB4-9FEC-451F-93F1-3E275CD6A462",
"versionEndIncluding": "22.5.9.163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26A205A0-3616-4CD9-A7B8-FEA63742ABE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6D3940-9C77-4A8C-AD55-6857491B43B5",
"versionEndIncluding": "21.5.37.246",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFD131E-E41A-44BD-81B5-A1A10E64D88B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k3c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3319332E-25E6-4148-9A57-15FCF51C0413",
"versionEndIncluding": "32.1.15.93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k3c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D47C172-F2F6-451F-8891-D150DBBA181C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4737564-B92D-408E-81EC-598B76EE347F",
"versionEndIncluding": "22.6.3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8AE809-CB81-4CEB-B383-0461E3885892",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k2p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE04942-4274-4A96-95E4-4838AAAC09A2",
"versionEndIncluding": "20.4.1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k2p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F80A65CA-B4F2-4912-B991-1D60869D5CB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP packets, an unauthenticated attacker on the local network can leverage this null byte interaction error in such a way as to make those ephemeral passwords predictable (with 1-in-94 odds). Since the attacker must manipulate data processed by the OpenSSL function RSA_public_decrypt(), successful exploitation of this vulnerability depends on the use of an unpadded RSA cipher (CVE-2022-25218)."
},
{
"lang": "es",
"value": "Se ha detectado un error de interacci\u00f3n de bytes nulos en el c\u00f3digo que el demonio telnetd_startup usa para construir un par de contrase\u00f1as ef\u00edmeras que permiten a un usuario generar un servicio de telnet en el router, y para asegurar que el servicio de telnet persiste tras el reinicio. Por medio de un intercambio dise\u00f1ado de paquetes UDP, un atacante no autenticado en la red local puede aprovechar este error de interacci\u00f3n de bytes nulos de tal manera que haga que esas contrase\u00f1as ef\u00edmeras sean predecibles (con una probabilidad de 1 en 94). Dado que el atacante debe manipular los datos procesados por la funci\u00f3n RSA_public_decrypt() de OpenSSL, una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad depende del uso de un cifrado RSA sin relleno (CVE-2022-25218)"
}
],
"id": "CVE-2022-25219",
"lastModified": "2024-11-21T06:51:49.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-10T17:47:02.457",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-25215
Vulnerability from fkie_nvd - Published: 2022-03-10 17:47 - Updated: 2024-11-21 06:51
Severity ?
Summary
Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself.
References
| URL | Tags | ||
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2022-01 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2022-01 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phicomm | k2_firmware | * | |
| phicomm | k2 | - | |
| phicomm | k3_firmware | * | |
| phicomm | k3 | - | |
| phicomm | k3c_firmware | * | |
| phicomm | k3c | - | |
| phicomm | k2g_firmware | * | |
| phicomm | k2g | - | |
| phicomm | k2p_firmware | * | |
| phicomm | k2p | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66980EB4-9FEC-451F-93F1-3E275CD6A462",
"versionEndIncluding": "22.5.9.163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26A205A0-3616-4CD9-A7B8-FEA63742ABE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6D3940-9C77-4A8C-AD55-6857491B43B5",
"versionEndIncluding": "21.5.37.246",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFD131E-E41A-44BD-81B5-A1A10E64D88B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k3c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3319332E-25E6-4148-9A57-15FCF51C0413",
"versionEndIncluding": "32.1.15.93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k3c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D47C172-F2F6-451F-8891-D150DBBA181C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4737564-B92D-408E-81EC-598B76EE347F",
"versionEndIncluding": "22.6.3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8AE809-CB81-4CEB-B383-0461E3885892",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k2p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE04942-4274-4A96-95E4-4838AAAC09A2",
"versionEndIncluding": "20.4.1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k2p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F80A65CA-B4F2-4912-B991-1D60869D5CB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself."
},
{
"lang": "es",
"value": "Un control de acceso inapropiado en la interfaz LocalMACConfig.asp permite a un atacante remoto no autenticado a\u00f1adir (o eliminar) direcciones MAC de clientes a (o desde) una lista de hosts prohibidos. Los clientes con esas direcciones MAC no pueden acceder a la WAN o al propio router"
}
],
"id": "CVE-2022-25215",
"lastModified": "2024-11-21T06:51:49.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-10T17:47:01.490",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-25214
Vulnerability from fkie_nvd - Published: 2022-03-10 17:47 - Updated: 2024-11-21 06:51
Severity ?
Summary
Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated remote attacker to obtain the WPA passphrases for the 2.4GHz and 5.0GHz wireless networks. This is particularly dangerous given that the K2G setup wizard presents the user with the option of using the same password for the 2.4Ghz network and the administrative interface, by clicking a checkbox. When Remote Managment is enabled, these endpoints are exposed to the WAN.
References
| URL | Tags | ||
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2022-01 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2022-01 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phicomm | k2_firmware | * | |
| phicomm | k2 | - | |
| phicomm | k3_firmware | * | |
| phicomm | k3 | - | |
| phicomm | k3c_firmware | * | |
| phicomm | k3c | - | |
| phicomm | k2g_firmware | * | |
| phicomm | k2g | - | |
| phicomm | k2p_firmware | * | |
| phicomm | k2p | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66980EB4-9FEC-451F-93F1-3E275CD6A462",
"versionEndIncluding": "22.5.9.163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26A205A0-3616-4CD9-A7B8-FEA63742ABE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6D3940-9C77-4A8C-AD55-6857491B43B5",
"versionEndIncluding": "21.5.37.246",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFD131E-E41A-44BD-81B5-A1A10E64D88B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k3c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3319332E-25E6-4148-9A57-15FCF51C0413",
"versionEndIncluding": "32.1.15.93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k3c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D47C172-F2F6-451F-8891-D150DBBA181C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4737564-B92D-408E-81EC-598B76EE347F",
"versionEndIncluding": "22.6.3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8AE809-CB81-4CEB-B383-0461E3885892",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k2p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE04942-4274-4A96-95E4-4838AAAC09A2",
"versionEndIncluding": "20.4.1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k2p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F80A65CA-B4F2-4912-B991-1D60869D5CB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated remote attacker to obtain the WPA passphrases for the 2.4GHz and 5.0GHz wireless networks. This is particularly dangerous given that the K2G setup wizard presents the user with the option of using the same password for the 2.4Ghz network and the administrative interface, by clicking a checkbox. When Remote Managment is enabled, these endpoints are exposed to the WAN."
},
{
"lang": "es",
"value": "Un control de acceso inapropiado en la interfaz LocalClientList.asp permite a un atacante remoto no autenticado obtener informaci\u00f3n confidencial sobre los dispositivos de la red de \u00e1rea local, incluyendo las direcciones IP y MAC. El control de acceso inapropiado en la interfaz wirelesssetup.asp permite a un atacante remoto no autenticado obtener las frases de acceso WPA para las redes inal\u00e1mbricas de 2,4 y 5,0 GHz. Esto es particularmente peligroso dado que el asistente de configuraci\u00f3n de K2G presenta al usuario la opci\u00f3n de usar la misma contrase\u00f1a para la red de 2,4Ghz y la interfaz administrativa, haciendo clic en una casilla de verificaci\u00f3n. Cuando la Administraci\u00f3n Remota est\u00e1 habilitada, estos endpoints est\u00e1n expuestos a la WAN"
}
],
"id": "CVE-2022-25214",
"lastModified": "2024-11-21T06:51:49.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-10T17:47:01.153",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-25213
Vulnerability from fkie_nvd - Published: 2022-03-10 17:47 - Updated: 2024-11-21 06:51
Severity ?
Summary
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell.
References
| URL | Tags | ||
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2022-01 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2022-01 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phicomm | k2_firmware | * | |
| phicomm | k2 | - | |
| phicomm | k3_firmware | * | |
| phicomm | k3 | - | |
| phicomm | k3c_firmware | * | |
| phicomm | k3c | - | |
| phicomm | k2g_firmware | * | |
| phicomm | k2g | - | |
| phicomm | k2p_firmware | * | |
| phicomm | k2p | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66980EB4-9FEC-451F-93F1-3E275CD6A462",
"versionEndIncluding": "22.5.9.163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26A205A0-3616-4CD9-A7B8-FEA63742ABE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6D3940-9C77-4A8C-AD55-6857491B43B5",
"versionEndIncluding": "21.5.37.246",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFD131E-E41A-44BD-81B5-A1A10E64D88B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k3c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3319332E-25E6-4148-9A57-15FCF51C0413",
"versionEndIncluding": "32.1.15.93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k3c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D47C172-F2F6-451F-8891-D150DBBA181C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k2g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4737564-B92D-408E-81EC-598B76EE347F",
"versionEndIncluding": "22.6.3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k2g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8AE809-CB81-4CEB-B383-0461E3885892",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phicomm:k2p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE04942-4274-4A96-95E4-4838AAAC09A2",
"versionEndIncluding": "20.4.1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phicomm:k2p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F80A65CA-B4F2-4912-B991-1D60869D5CB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell."
},
{
"lang": "es",
"value": "Un control de acceso f\u00edsico inapropiado y el uso de credenciales embebidas en /etc/passwd permite a un atacante con acceso f\u00edsico obtener un shell de root por medio de un puerto UART desprotegido en el dispositivo. El mismo puerto expone un shell Das U-Boot BIOS no autenticado"
}
],
"id": "CVE-2022-25213",
"lastModified": "2024-11-21T06:51:49.083",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-10T17:47:00.777",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
},
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-25219 (GCVE-0-2022-25219)
Vulnerability from cvelistv5 – Published: 2022-03-07 21:56 – Updated: 2024-08-03 04:36
VLAI?
Summary
A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP packets, an unauthenticated attacker on the local network can leverage this null byte interaction error in such a way as to make those ephemeral passwords predictable (with 1-in-94 odds). Since the attacker must manipulate data processed by the OpenSSL function RSA_public_decrypt(), successful exploitation of this vulnerability depends on the use of an unpadded RSA cipher (CVE-2022-25218).
Severity ?
No CVSS data available.
CWE
- Null Byte Interaction Error
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Phicomm Routers |
Affected:
K3 >= 21.5.37.246, K3C >= 32.1.22.113, K2P >= 20.4.1.7, K2 A7 >= 22.6.506.28, K2G A1 >= 22.6.3.20
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:05.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Phicomm Routers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "K3 \u003e= 21.5.37.246, K3C \u003e= 32.1.22.113, K2P \u003e= 20.4.1.7, K2 A7 \u003e= 22.6.506.28, K2G A1 \u003e= 22.6.3.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP packets, an unauthenticated attacker on the local network can leverage this null byte interaction error in such a way as to make those ephemeral passwords predictable (with 1-in-94 odds). Since the attacker must manipulate data processed by the OpenSSL function RSA_public_decrypt(), successful exploitation of this vulnerability depends on the use of an unpadded RSA cipher (CVE-2022-25218)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Null Byte Interaction Error",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T21:56:51",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2022-25219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Phicomm Routers",
"version": {
"version_data": [
{
"version_value": "K3 \u003e= 21.5.37.246, K3C \u003e= 32.1.22.113, K2P \u003e= 20.4.1.7, K2 A7 \u003e= 22.6.506.28, K2G A1 \u003e= 22.6.3.20"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP packets, an unauthenticated attacker on the local network can leverage this null byte interaction error in such a way as to make those ephemeral passwords predictable (with 1-in-94 odds). Since the attacker must manipulate data processed by the OpenSSL function RSA_public_decrypt(), successful exploitation of this vulnerability depends on the use of an unpadded RSA cipher (CVE-2022-25218)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Null Byte Interaction Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2022-01",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2022-25219",
"datePublished": "2022-03-07T21:56:51",
"dateReserved": "2022-02-15T00:00:00",
"dateUpdated": "2024-08-03T04:36:05.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25213 (GCVE-0-2022-25213)
Vulnerability from cvelistv5 – Published: 2022-03-07 21:55 – Updated: 2024-08-03 04:36
VLAI?
Summary
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell.
Severity ?
No CVSS data available.
CWE
- Improper physical access control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Phicomm Routers |
Affected:
K3C
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Phicomm Routers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "K3C"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper physical access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T21:55:25",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2022-25213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Phicomm Routers",
"version": {
"version_data": [
{
"version_value": "K3C"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper physical access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2022-01",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2022-25213",
"datePublished": "2022-03-07T21:55:25",
"dateReserved": "2022-02-15T00:00:00",
"dateUpdated": "2024-08-03T04:36:06.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25215 (GCVE-0-2022-25215)
Vulnerability from cvelistv5 – Published: 2022-03-07 21:53 – Updated: 2024-08-03 04:36
VLAI?
Summary
Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself.
Severity ?
No CVSS data available.
CWE
- Improper access control leading to denial of service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Phicomm Routers |
Affected:
K2G A1 >= 22.6.3.20, K2 A7 >= 22.6.506.28, K2G A1 >= 22.6.3.20
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Phicomm Routers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "K2G A1 \u003e= 22.6.3.20, K2 A7 \u003e= 22.6.506.28, K2G A1 \u003e= 22.6.3.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper access control leading to denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T21:53:11",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2022-25215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Phicomm Routers",
"version": {
"version_data": [
{
"version_value": "K2G A1 \u003e= 22.6.3.20, K2 A7 \u003e= 22.6.506.28, K2G A1 \u003e= 22.6.3.20"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper access control leading to denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2022-01",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2022-25215",
"datePublished": "2022-03-07T21:53:11",
"dateReserved": "2022-02-15T00:00:00",
"dateUpdated": "2024-08-03T04:36:06.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25218 (GCVE-0-2022-25218)
Vulnerability from cvelistv5 – Published: 2022-03-07 21:50 – Updated: 2024-08-03 04:36
VLAI?
Summary
The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the "plaintext" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL's RSA_public_decrypt() function. This weakness allows the attacker to manipulate the various iterations of the telnetd startup state machine and eventually obtain a root shell on the device, by means of an exchange of crafted UDP packets. In all versions but K2 22.5.9.163 and K3C 32.1.15.93 a successful attack also requires the exploitation of a null-byte interaction error (CVE-2022-25219).
Severity ?
No CVSS data available.
CWE
- Use of RSA Algorithm without OAEP
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Phicomm Routers |
Affected:
K2 >= 22.5.9.163, K3 >= 21.5.37.246, K3C >= 32.1.15.93, K2P >= 20.4.1.7, K2 A7 >= 22.6.506.28
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Phicomm Routers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "K2 \u003e= 22.5.9.163, K3 \u003e= 21.5.37.246, K3C \u003e= 32.1.15.93, K2P \u003e= 20.4.1.7, K2 A7 \u003e= 22.6.506.28"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the \"plaintext\" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL\u0027s RSA_public_decrypt() function. This weakness allows the attacker to manipulate the various iterations of the telnetd startup state machine and eventually obtain a root shell on the device, by means of an exchange of crafted UDP packets. In all versions but K2 22.5.9.163 and K3C 32.1.15.93 a successful attack also requires the exploitation of a null-byte interaction error (CVE-2022-25219)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of RSA Algorithm without OAEP",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T21:50:25",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2022-25218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Phicomm Routers",
"version": {
"version_data": [
{
"version_value": "K2 \u003e= 22.5.9.163, K3 \u003e= 21.5.37.246, K3C \u003e= 32.1.15.93, K2P \u003e= 20.4.1.7, K2 A7 \u003e= 22.6.506.28"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the \"plaintext\" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL\u0027s RSA_public_decrypt() function. This weakness allows the attacker to manipulate the various iterations of the telnetd startup state machine and eventually obtain a root shell on the device, by means of an exchange of crafted UDP packets. In all versions but K2 22.5.9.163 and K3C 32.1.15.93 a successful attack also requires the exploitation of a null-byte interaction error (CVE-2022-25219)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of RSA Algorithm without OAEP"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2022-01",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2022-25218",
"datePublished": "2022-03-07T21:50:25",
"dateReserved": "2022-02-15T00:00:00",
"dateUpdated": "2024-08-03T04:36:06.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25214 (GCVE-0-2022-25214)
Vulnerability from cvelistv5 – Published: 2022-03-07 21:47 – Updated: 2024-08-03 04:36
VLAI?
Summary
Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated remote attacker to obtain the WPA passphrases for the 2.4GHz and 5.0GHz wireless networks. This is particularly dangerous given that the K2G setup wizard presents the user with the option of using the same password for the 2.4Ghz network and the administrative interface, by clicking a checkbox. When Remote Managment is enabled, these endpoints are exposed to the WAN.
Severity ?
No CVSS data available.
CWE
- Improper access control leading to information leaks
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Phicomm Routers |
Affected:
K2G A1 >= 22.6.3.20, K2 A7 >= 22.6.506.28, K2G A1 >= 22.6.3.20
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:05.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Phicomm Routers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "K2G A1 \u003e= 22.6.3.20, K2 A7 \u003e= 22.6.506.28, K2G A1 \u003e= 22.6.3.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated remote attacker to obtain the WPA passphrases for the 2.4GHz and 5.0GHz wireless networks. This is particularly dangerous given that the K2G setup wizard presents the user with the option of using the same password for the 2.4Ghz network and the administrative interface, by clicking a checkbox. When Remote Managment is enabled, these endpoints are exposed to the WAN."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper access control leading to information leaks",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T21:47:00",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2022-25214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Phicomm Routers",
"version": {
"version_data": [
{
"version_value": "K2G A1 \u003e= 22.6.3.20, K2 A7 \u003e= 22.6.506.28, K2G A1 \u003e= 22.6.3.20"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated remote attacker to obtain the WPA passphrases for the 2.4GHz and 5.0GHz wireless networks. This is particularly dangerous given that the K2G setup wizard presents the user with the option of using the same password for the 2.4Ghz network and the administrative interface, by clicking a checkbox. When Remote Managment is enabled, these endpoints are exposed to the WAN."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper access control leading to information leaks"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2022-01",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2022-25214",
"datePublished": "2022-03-07T21:47:00",
"dateReserved": "2022-02-15T00:00:00",
"dateUpdated": "2024-08-03T04:36:05.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25219 (GCVE-0-2022-25219)
Vulnerability from nvd – Published: 2022-03-07 21:56 – Updated: 2024-08-03 04:36
VLAI?
Summary
A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP packets, an unauthenticated attacker on the local network can leverage this null byte interaction error in such a way as to make those ephemeral passwords predictable (with 1-in-94 odds). Since the attacker must manipulate data processed by the OpenSSL function RSA_public_decrypt(), successful exploitation of this vulnerability depends on the use of an unpadded RSA cipher (CVE-2022-25218).
Severity ?
No CVSS data available.
CWE
- Null Byte Interaction Error
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Phicomm Routers |
Affected:
K3 >= 21.5.37.246, K3C >= 32.1.22.113, K2P >= 20.4.1.7, K2 A7 >= 22.6.506.28, K2G A1 >= 22.6.3.20
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:05.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Phicomm Routers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "K3 \u003e= 21.5.37.246, K3C \u003e= 32.1.22.113, K2P \u003e= 20.4.1.7, K2 A7 \u003e= 22.6.506.28, K2G A1 \u003e= 22.6.3.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP packets, an unauthenticated attacker on the local network can leverage this null byte interaction error in such a way as to make those ephemeral passwords predictable (with 1-in-94 odds). Since the attacker must manipulate data processed by the OpenSSL function RSA_public_decrypt(), successful exploitation of this vulnerability depends on the use of an unpadded RSA cipher (CVE-2022-25218)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Null Byte Interaction Error",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T21:56:51",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2022-25219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Phicomm Routers",
"version": {
"version_data": [
{
"version_value": "K3 \u003e= 21.5.37.246, K3C \u003e= 32.1.22.113, K2P \u003e= 20.4.1.7, K2 A7 \u003e= 22.6.506.28, K2G A1 \u003e= 22.6.3.20"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP packets, an unauthenticated attacker on the local network can leverage this null byte interaction error in such a way as to make those ephemeral passwords predictable (with 1-in-94 odds). Since the attacker must manipulate data processed by the OpenSSL function RSA_public_decrypt(), successful exploitation of this vulnerability depends on the use of an unpadded RSA cipher (CVE-2022-25218)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Null Byte Interaction Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2022-01",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2022-25219",
"datePublished": "2022-03-07T21:56:51",
"dateReserved": "2022-02-15T00:00:00",
"dateUpdated": "2024-08-03T04:36:05.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25213 (GCVE-0-2022-25213)
Vulnerability from nvd – Published: 2022-03-07 21:55 – Updated: 2024-08-03 04:36
VLAI?
Summary
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell.
Severity ?
No CVSS data available.
CWE
- Improper physical access control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Phicomm Routers |
Affected:
K3C
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Phicomm Routers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "K3C"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper physical access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T21:55:25",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2022-25213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Phicomm Routers",
"version": {
"version_data": [
{
"version_value": "K3C"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper physical access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2022-01",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2022-25213",
"datePublished": "2022-03-07T21:55:25",
"dateReserved": "2022-02-15T00:00:00",
"dateUpdated": "2024-08-03T04:36:06.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25215 (GCVE-0-2022-25215)
Vulnerability from nvd – Published: 2022-03-07 21:53 – Updated: 2024-08-03 04:36
VLAI?
Summary
Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself.
Severity ?
No CVSS data available.
CWE
- Improper access control leading to denial of service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Phicomm Routers |
Affected:
K2G A1 >= 22.6.3.20, K2 A7 >= 22.6.506.28, K2G A1 >= 22.6.3.20
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Phicomm Routers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "K2G A1 \u003e= 22.6.3.20, K2 A7 \u003e= 22.6.506.28, K2G A1 \u003e= 22.6.3.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper access control leading to denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T21:53:11",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2022-25215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Phicomm Routers",
"version": {
"version_data": [
{
"version_value": "K2G A1 \u003e= 22.6.3.20, K2 A7 \u003e= 22.6.506.28, K2G A1 \u003e= 22.6.3.20"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper access control leading to denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2022-01",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2022-25215",
"datePublished": "2022-03-07T21:53:11",
"dateReserved": "2022-02-15T00:00:00",
"dateUpdated": "2024-08-03T04:36:06.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25218 (GCVE-0-2022-25218)
Vulnerability from nvd – Published: 2022-03-07 21:50 – Updated: 2024-08-03 04:36
VLAI?
Summary
The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the "plaintext" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL's RSA_public_decrypt() function. This weakness allows the attacker to manipulate the various iterations of the telnetd startup state machine and eventually obtain a root shell on the device, by means of an exchange of crafted UDP packets. In all versions but K2 22.5.9.163 and K3C 32.1.15.93 a successful attack also requires the exploitation of a null-byte interaction error (CVE-2022-25219).
Severity ?
No CVSS data available.
CWE
- Use of RSA Algorithm without OAEP
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Phicomm Routers |
Affected:
K2 >= 22.5.9.163, K3 >= 21.5.37.246, K3C >= 32.1.15.93, K2P >= 20.4.1.7, K2 A7 >= 22.6.506.28
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Phicomm Routers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "K2 \u003e= 22.5.9.163, K3 \u003e= 21.5.37.246, K3C \u003e= 32.1.15.93, K2P \u003e= 20.4.1.7, K2 A7 \u003e= 22.6.506.28"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the \"plaintext\" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL\u0027s RSA_public_decrypt() function. This weakness allows the attacker to manipulate the various iterations of the telnetd startup state machine and eventually obtain a root shell on the device, by means of an exchange of crafted UDP packets. In all versions but K2 22.5.9.163 and K3C 32.1.15.93 a successful attack also requires the exploitation of a null-byte interaction error (CVE-2022-25219)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of RSA Algorithm without OAEP",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T21:50:25",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2022-25218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Phicomm Routers",
"version": {
"version_data": [
{
"version_value": "K2 \u003e= 22.5.9.163, K3 \u003e= 21.5.37.246, K3C \u003e= 32.1.15.93, K2P \u003e= 20.4.1.7, K2 A7 \u003e= 22.6.506.28"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the \"plaintext\" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL\u0027s RSA_public_decrypt() function. This weakness allows the attacker to manipulate the various iterations of the telnetd startup state machine and eventually obtain a root shell on the device, by means of an exchange of crafted UDP packets. In all versions but K2 22.5.9.163 and K3C 32.1.15.93 a successful attack also requires the exploitation of a null-byte interaction error (CVE-2022-25219)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of RSA Algorithm without OAEP"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2022-01",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2022-25218",
"datePublished": "2022-03-07T21:50:25",
"dateReserved": "2022-02-15T00:00:00",
"dateUpdated": "2024-08-03T04:36:06.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25214 (GCVE-0-2022-25214)
Vulnerability from nvd – Published: 2022-03-07 21:47 – Updated: 2024-08-03 04:36
VLAI?
Summary
Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated remote attacker to obtain the WPA passphrases for the 2.4GHz and 5.0GHz wireless networks. This is particularly dangerous given that the K2G setup wizard presents the user with the option of using the same password for the 2.4Ghz network and the administrative interface, by clicking a checkbox. When Remote Managment is enabled, these endpoints are exposed to the WAN.
Severity ?
No CVSS data available.
CWE
- Improper access control leading to information leaks
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Phicomm Routers |
Affected:
K2G A1 >= 22.6.3.20, K2 A7 >= 22.6.506.28, K2G A1 >= 22.6.3.20
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:05.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Phicomm Routers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "K2G A1 \u003e= 22.6.3.20, K2 A7 \u003e= 22.6.506.28, K2G A1 \u003e= 22.6.3.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated remote attacker to obtain the WPA passphrases for the 2.4GHz and 5.0GHz wireless networks. This is particularly dangerous given that the K2G setup wizard presents the user with the option of using the same password for the 2.4Ghz network and the administrative interface, by clicking a checkbox. When Remote Managment is enabled, these endpoints are exposed to the WAN."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper access control leading to information leaks",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T21:47:00",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2022-25214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Phicomm Routers",
"version": {
"version_data": [
{
"version_value": "K2G A1 \u003e= 22.6.3.20, K2 A7 \u003e= 22.6.506.28, K2G A1 \u003e= 22.6.3.20"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated remote attacker to obtain the WPA passphrases for the 2.4GHz and 5.0GHz wireless networks. This is particularly dangerous given that the K2G setup wizard presents the user with the option of using the same password for the 2.4Ghz network and the administrative interface, by clicking a checkbox. When Remote Managment is enabled, these endpoints are exposed to the WAN."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper access control leading to information leaks"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2022-01",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2022-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2022-25214",
"datePublished": "2022-03-07T21:47:00",
"dateReserved": "2022-02-15T00:00:00",
"dateUpdated": "2024-08-03T04:36:05.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}