VYPR
Vendor

Phicomm

Products
7
CVEs
8
Across products
14
Status
Private

Products

7

Recent CVEs

8
  • CVE-2017-11495CriJul 20, 2017
    risk 0.64cvss 9.8epss 0.03

    PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action.

  • CVE-2019-19117Nov 18, 2019
    risk 0.01cvss epss 0.05

    /usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter.

  • CVE-2022-48073Jan 27, 2023
    risk 0.00cvss epss 0.00

    Phicomm K2G v22.6.3.20 was discovered to store the root and admin passwords in plaintext.

  • CVE-2022-48072Jan 27, 2023
    risk 0.00cvss epss 0.01

    Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.

  • CVE-2022-37779Sep 7, 2022
    risk 0.00cvss epss 0.02

    Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the sendnum parameter of the ping function.

  • CVE-2022-37777Sep 7, 2022
    risk 0.00cvss epss 0.02

    Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers 3.0.1.17 and earlier were discovered to contain a remote command execution (RCE) vulnerability via the trHops parameter of the tracert function.

  • CVE-2022-37778Sep 7, 2022
    risk 0.00cvss epss 0.02

    Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the current_time parameter of the time function.

  • CVE-2022-37780Sep 7, 2022
    risk 0.00cvss epss 0.02

    Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the pingAddr parameter of the tracert function.