VYPR

K2\(psg1218\) Firmware

by Phicomm

CVEs (2)

  • CVE-2017-11495CriJul 20, 2017
    risk 0.64cvss 9.8epss 0.03

    PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action.

  • CVE-2019-19117Nov 18, 2019
    risk 0.01cvss epss 0.05

    /usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter.