CVE-2022-25213
Description
Improper physical access control and the use of hard-coded credentials in /etc/passwd permit an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products: 1
Patches
Vulnerability mechanics
Root cause
"Physical UART port is left unprotected and the device uses hardcoded, unchangeable credentials (root/admin) for OS login access."
Attack vector
An attacker with physical access to the device connects to the unprotected UART port. The port exposes an unauthenticated Das U-Boot BIOS shell and an OS login prompt. Using the hardcoded credentials root/admin (which cannot be changed through the router's administrative interface), the attacker obtains a root shell on the device [ref_id=1]. No authentication is required for the U-Boot shell, and the OS login credentials are static and well-known.
Affected code
The vulnerability is in the hardware UART console exposed on the K3C router. The device provides an unprotected UART port that grants access to both a U-Boot BIOS shell and an operating system login prompt. The OS login uses hardcoded credentials (username root, password admin) that cannot be changed through the router's official administrative interface [ref_id=1].
What the fix does
No patch is available. The Phicomm corporation shut down in 2018 and its CEO was arrested in 2021, so these routers will never be patched [ref_id=1]. The advisory notes that the hardcoded password cannot be changed through the router's official administrative interface, and the UART port itself is physically unprotected. There is no remediation available from the vendor.
Preconditions
- Network: the attacker must have physical access to the device to connect to the UART port
- Auth: no authentication is required for the U-Boot shell; the OS login uses the hardcoded credentials root/admin
Generated on May 28, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1. www.tenable.com/security/research/tra-2022-01 (MITRE reference source: x_refsource_MISC)
News mentions: 0
No linked articles in our index yet.