Phicomm K2G v22.6.3.20 exists to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.
phicomm k2_firmware 22.6.3.20