CVE-2022-25213

Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell.
References
Link Resource
https://www.tenable.com/security/research/tra-2022-01 Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:phicomm:k2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phicomm:k2:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:phicomm:k3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phicomm:k3:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:phicomm:k3c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phicomm:k3c:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:phicomm:k2g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phicomm:k2g:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:phicomm:k2p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phicomm:k2p:-:*:*:*:*:*:*:*

Information

Published : 2022-03-10 09:47

Updated : 2022-03-17 12:30


NVD link : CVE-2022-25213

Mitre link : CVE-2022-25213


JSON object : View

CWE
CWE-798

Use of Hard-coded Credentials

Advertisement

dedicated server usa

Products Affected

phicomm

  • k2g
  • k2p
  • k2p_firmware
  • k3c_firmware
  • k2_firmware
  • k3_firmware
  • k2g_firmware
  • k2
  • k3c
  • k3