Vulnerability Description
Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phicomm | K2 Firmware | <= 22.5.9.163 |
| Phicomm | K2 | - |
| Phicomm | K3 Firmware | <= 21.5.37.246 |
| Phicomm | K3 | - |
| Phicomm | K3C Firmware | <= 32.1.15.93 |
| Phicomm | K3C | - |
| Phicomm | K2G Firmware | <= 22.6.3.20 |
| Phicomm | K2G | - |
| Phicomm | K2P Firmware | <= 20.4.1.7 |
| Phicomm | K2P | - |
References
- https://www.tenable.com/security/research/tra-2022-01ExploitThird Party Advisory
- https://www.tenable.com/security/research/tra-2022-01ExploitThird Party Advisory
FAQ
What is CVE-2022-25215?
CVE-2022-25215 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MA...
How severe is CVE-2022-25215?
CVE-2022-25215 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-25215?
Check the references section above for vendor advisories and patch information. Affected products include: Phicomm K2 Firmware, Phicomm K2, Phicomm K3 Firmware, Phicomm K3, Phicomm K3C Firmware.