7.4

CVE-2022-25214

Exploit

EPSS 1.25%
Veröffentlicht 10.03.2022 17:47:01
Zuletzt bearbeitet 21.11.2024 06:51:49
Quelle vulnreport@tenable.com
CVE-Watchlists
Login
Unerledigt
Login

Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated remote attacker to obtain the WPA passphrases for the 2.4GHz and 5.0GHz wireless networks. This is particularly dangerous given that the K2G setup wizard presents the user with the option of using the same password for the 2.4Ghz network and the administrative interface, by clicking a checkbox. When Remote Managment is enabled, these endpoints are exposed to the WAN.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phicomm ≫ K2 Firmware Version <= 22.5.9.163

Phicomm ≫ K2 Version-

Phicomm ≫ K3 Firmware Version <= 21.5.37.246

Phicomm ≫ K3 Version-

Phicomm ≫ K3c Firmware Version <= 32.1.15.93

Phicomm ≫ K3c Version-

Phicomm ≫ K2g Firmware Version <= 22.6.3.20

Phicomm ≫ K2g Version-

Phicomm ≫ K2p Firmware Version <= 20.4.1.7

Phicomm ≫ K2p Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.25%	0.787

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:N/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://www.tenable.com/security/research/tra-2022-01

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-25214

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-25214

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-25214

EUVD