CVE-2022-25215
First published: Mon Mar 07 2022(Updated: )
Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Phicomm K2 (psg1218) | <=22.5.9.163 | |
| Phicomm K2 (psg1218) | ||
| Phicomm K3 Firmware | <=21.5.37.246 | |
| Phicomm K3 | ||
| Phicomm K3c | <=32.1.15.93 | |
| Phicomm K3c Firmware | ||
| Phicomm K2g | <=22.6.3.20 | |
| Phicomm K2g Firmware | ||
| Phicomm K2p | <=20.4.1.7 | |
| Phicomm K2p Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-25215?
CVE-2022-25215 is a vulnerability that allows an unauthenticated remote attacker to add or remove client MAC addresses from a list of banned hosts, preventing them from accessing the WAN or the router itself.
Which devices are affected by CVE-2022-25215?
Devices running Phicomm K2 Firmware up to version 22.5.9.163, Phicomm K3 Firmware up to version 21.5.37.246, Phicomm K3c Firmware up to version 32.1.15.93, Phicomm K2g Firmware up to version 22.6.3.20, and Phicomm K2p Firmware up to version 20.4.1.7 are affected by CVE-2022-25215.
What is the severity of CVE-2022-25215?
CVE-2022-25215 has a severity rating of 5.3, which is considered medium.
How can I fix CVE-2022-25215?
Currently, there are no known fixes or patches available for CVE-2022-25215. It is recommended to apply any security updates provided by the device manufacturer or consider using alternative security measures.
Where can I find more information about CVE-2022-25215?
You can find more information about CVE-2022-25215 on the Tenable website: https://www.tenable.com/security/research/tra-2022-01
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/phicomm
- canonical/phicomm k2 (psg1218)
- version/phicomm k2 (psg1218)/22.5.9.163
- canonical/phicomm k3 firmware
- version/phicomm k3 firmware/21.5.37.246
- canonical/phicomm k3
- canonical/phicomm k3c
- version/phicomm k3c/32.1.15.93
- canonical/phicomm k3c firmware
- canonical/phicomm k2g
- version/phicomm k2g/22.6.3.20
- canonical/phicomm k2g firmware
- canonical/phicomm k2p
- version/phicomm k2p/20.4.1.7
- canonical/phicomm k2p firmware