CVE-2022-25214
First published: Mon Mar 07 2022(Updated: )
Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated remote attacker to obtain the WPA passphrases for the 2.4GHz and 5.0GHz wireless networks. This is particularly dangerous given that the K2G setup wizard presents the user with the option of using the same password for the 2.4Ghz network and the administrative interface, by clicking a checkbox. When Remote Managment is enabled, these endpoints are exposed to the WAN.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Phicomm K2 (psg1218) | <=22.5.9.163 | |
| Phicomm K2 (psg1218) | ||
| Phicomm K3 Firmware | <=21.5.37.246 | |
| Phicomm K3 | ||
| Phicomm K3c | <=32.1.15.93 | |
| Phicomm K3c Firmware | ||
| Phicomm K2g | <=22.6.3.20 | |
| Phicomm K2g Firmware | ||
| Phicomm K2p | <=20.4.1.7 | |
| Phicomm K2p Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-25214?
CVE-2022-25214 is a vulnerability that allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network.
How does CVE-2022-25214 impact Phicomm K2 Firmware?
CVE-2022-25214 affects Phicomm K2 Firmware with versions up to and including 22.5.9.163.
How does CVE-2022-25214 impact Phicomm K3 Firmware?
CVE-2022-25214 affects Phicomm K3 Firmware with versions up to and including 21.5.37.246.
How does CVE-2022-25214 impact Phicomm K3c Firmware?
CVE-2022-25214 affects Phicomm K3c Firmware with versions up to and including 32.1.15.93.
How does CVE-2022-25214 impact Phicomm K2g Firmware?
CVE-2022-25214 affects Phicomm K2g Firmware with versions up to and including 22.6.3.20.
How does CVE-2022-25214 impact Phicomm K2p Firmware?
CVE-2022-25214 affects Phicomm K2p Firmware with versions up to and including 20.4.1.7.
What is the severity of CVE-2022-25214?
CVE-2022-25214 has a severity rating of 7.4 (High).
Where can I find more information about CVE-2022-25214?
You can find more information about CVE-2022-25214 at https://www.tenable.com/security/research/tra-2022-01.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/phicomm
- canonical/phicomm k2 (psg1218)
- version/phicomm k2 (psg1218)/22.5.9.163
- canonical/phicomm k3 firmware
- version/phicomm k3 firmware/21.5.37.246
- canonical/phicomm k3
- canonical/phicomm k3c
- version/phicomm k3c/32.1.15.93
- canonical/phicomm k3c firmware
- canonical/phicomm k2g
- version/phicomm k2g/22.6.3.20
- canonical/phicomm k2g firmware
- canonical/phicomm k2p
- version/phicomm k2p/20.4.1.7
- canonical/phicomm k2p firmware