CVE-2022-25215
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
Percentile
65.0%
Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| phicomm | k2_firmware | * | cpe:2.3:o:phicomm:k2_firmware:*:*:*:*:*:*:*:* |
| phicomm | k2 | - | cpe:2.3:h:phicomm:k2:-:*:*:*:*:*:*:* |
| phicomm | k3_firmware | * | cpe:2.3:o:phicomm:k3_firmware:*:*:*:*:*:*:*:* |
| phicomm | k3 | - | cpe:2.3:h:phicomm:k3:-:*:*:*:*:*:*:* |
| phicomm | k3c_firmware | * | cpe:2.3:o:phicomm:k3c_firmware:*:*:*:*:*:*:*:* |
| phicomm | k3c | - | cpe:2.3:h:phicomm:k3c:-:*:*:*:*:*:*:* |
| phicomm | k2g_firmware | * | cpe:2.3:o:phicomm:k2g_firmware:*:*:*:*:*:*:*:* |
| phicomm | k2g | - | cpe:2.3:h:phicomm:k2g:-:*:*:*:*:*:*:* |
| phicomm | k2p_firmware | * | cpe:2.3:o:phicomm:k2p_firmware:*:*:*:*:*:*:*:* |
| phicomm | k2p | - | cpe:2.3:h:phicomm:k2p:-:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
Percentile
65.0%