phicomm vulnerabilities and exploits
5
CVSSv2
CVE-2022-25215
Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote malicious user to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router...
Phicomm K2 Firmware
Phicomm K3 Firmware
Phicomm K3c Firmware
Phicomm K2g Firmware
Phicomm K2p Firmware
6.9
CVSSv2
CVE-2022-25219
A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a craft...
Phicomm K2 Firmware
Phicomm K3 Firmware
Phicomm K3c Firmware
Phicomm K2g Firmware
Phicomm K2p Firmware
7.2
CVSSv2
CVE-2022-25213
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell.
Phicomm K2 Firmware
Phicomm K3 Firmware
Phicomm K3c Firmware
Phicomm K2g Firmware
Phicomm K2p Firmware
5.8
CVSSv2
CVE-2022-25214
Improper access control on the LocalClientList.asp interface allows an unauthenticated remote malicious user to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface al...
Phicomm K2 Firmware
Phicomm K3 Firmware
Phicomm K3c Firmware
Phicomm K2g Firmware
Phicomm K2p Firmware
9.3
CVSSv2
CVE-2022-25218
The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the "plaintext" to which an arbitrary blob of ciphertext will be decr...
Phicomm K2 Firmware
Phicomm K3 Firmware
Phicomm K3c Firmware
Phicomm K2g Firmware
Phicomm K2p Firmware
NA
CVE-2022-37777
Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers 3.0.1.17 and previous versions were discovered to contain a remote command execution (RCE) vulnerability via the trHops parameter of the tracert function.
Phicomm Fir151b Firmware
Phicomm Fir302e Firmware
Phicomm Fir300b Firmware
Phicomm Fir303b Firmware
NA
CVE-2022-37778
Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the current_time parameter of the time function.
Phicomm Fir151b Firmware 3.0.1.17
Phicomm Fir302e Firmware 3.0.1.17
Phicomm Fir300b Firmware 3.0.1.17
Phicomm Fir303b Firmware 3.0.1.17
NA
CVE-2022-37779
Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the sendnum parameter of the ping function.
Phicomm Fir151b Firmware 3.0.1.17
Phicomm Fir302e Firmware 3.0.1.17
Phicomm Fir300b Firmware 3.0.1.17
Phicomm Fir303b Firmware 3.0.1.17
NA
CVE-2022-37780
Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the pingAddr parameter of the tracert function.
Phicomm Fir151b Firmware 3.0.1.17
Phicomm Fir302e Firmware 3.0.1.17
Phicomm Fir300b Firmware 3.0.1.17
Phicomm Fir303b Firmware 3.0.1.17
7.2
CVSSv2
CVE-2022-25217
Use of a hard-coded cryptographic key pair by the telnetd_startup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetd_startup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of ...
Phicomm K2 Firmware
Phicomm K3c Firmware