Phicomm k2 v22.6.529.216 exists to contain a command injection vulnerability via the function luci.sys.call.
phicomm k2_firmware 22.6.529.216