Vulnerability Description
A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP packets, an unauthenticated attacker on the local network can leverage this null byte interaction error in such a way as to make those ephemeral passwords predictable (with 1-in-94 odds). Since the attacker must manipulate data processed by the OpenSSL function RSA_public_decrypt(), successful exploitation of this vulnerability depends on the use of an unpadded RSA cipher (CVE-2022-25218).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phicomm | K2 Firmware | <= 22.5.9.163 |
| Phicomm | K2 | - |
| Phicomm | K3 Firmware | <= 21.5.37.246 |
| Phicomm | K3 | - |
| Phicomm | K3C Firmware | <= 32.1.15.93 |
| Phicomm | K3C | - |
| Phicomm | K2G Firmware | <= 22.6.3.20 |
| Phicomm | K2G | - |
| Phicomm | K2P Firmware | <= 20.4.1.7 |
| Phicomm | K2P | - |
References
- https://www.tenable.com/security/research/tra-2022-01ExploitThird Party Advisory
- https://www.tenable.com/security/research/tra-2022-01ExploitThird Party Advisory
FAQ
What is CVE-2022-25219?
CVE-2022-25219 is a vulnerability with a CVSS score of 8.4 (HIGH). A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router,...
How severe is CVE-2022-25219?
CVE-2022-25219 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-25219?
Check the references section above for vendor advisories and patch information. Affected products include: Phicomm K2 Firmware, Phicomm K2, Phicomm K3 Firmware, Phicomm K3, Phicomm K3C Firmware.