Phicomm
Products
7- 4 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11495 | Cri | 0.64 | 9.8 | 0.03 | Jul 20, 2017 | PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action. | ||
| CVE-2019-19117 | 0.01 | — | 0.05 | Nov 18, 2019 | /usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter. | |||
| CVE-2022-48073 | 0.00 | — | 0.00 | Jan 27, 2023 | Phicomm K2G v22.6.3.20 was discovered to store the root and admin passwords in plaintext. | |||
| CVE-2022-48072 | 0.00 | — | 0.01 | Jan 27, 2023 | Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function. | |||
| CVE-2022-37779 | 0.00 | — | 0.02 | Sep 7, 2022 | Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the sendnum parameter of the ping function. | |||
| CVE-2022-37777 | 0.00 | — | 0.02 | Sep 7, 2022 | Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers 3.0.1.17 and earlier were discovered to contain a remote command execution (RCE) vulnerability via the trHops parameter of the tracert function. | |||
| CVE-2022-37778 | 0.00 | — | 0.02 | Sep 7, 2022 | Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the current_time parameter of the time function. | |||
| CVE-2022-37780 | 0.00 | — | 0.02 | Sep 7, 2022 | Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the pingAddr parameter of the tracert function. |
- risk 0.64cvss 9.8epss 0.03
PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action.
- CVE-2019-19117Nov 18, 2019risk 0.01cvss —epss 0.05
/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter.
- CVE-2022-48073Jan 27, 2023risk 0.00cvss —epss 0.00
Phicomm K2G v22.6.3.20 was discovered to store the root and admin passwords in plaintext.
- CVE-2022-48072Jan 27, 2023risk 0.00cvss —epss 0.01
Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.
- CVE-2022-37779Sep 7, 2022risk 0.00cvss —epss 0.02
Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the sendnum parameter of the ping function.
- CVE-2022-37777Sep 7, 2022risk 0.00cvss —epss 0.02
Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers 3.0.1.17 and earlier were discovered to contain a remote command execution (RCE) vulnerability via the trHops parameter of the tracert function.
- CVE-2022-37778Sep 7, 2022risk 0.00cvss —epss 0.02
Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the current_time parameter of the time function.
- CVE-2022-37780Sep 7, 2022risk 0.00cvss —epss 0.02
Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the pingAddr parameter of the tracert function.