CVE-2022-25213
Severity CVSS v4.0:
Pending analysis
Type:
CWE-798
Use of Hard-coded Credentials
Publication date:
10/03/2022
Last modified:
08/08/2023
Description
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell.
Impact
Base Score 3.x
6.80
Severity 3.x
MEDIUM
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:phicomm:k2_firmware:*:*:*:*:*:*:*:* | 22.5.9.163 (including) | |
| cpe:2.3:h:phicomm:k2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:phicomm:k3_firmware:*:*:*:*:*:*:*:* | 21.5.37.246 (including) | |
| cpe:2.3:h:phicomm:k3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:phicomm:k3c_firmware:*:*:*:*:*:*:*:* | 32.1.15.93 (including) | |
| cpe:2.3:h:phicomm:k3c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:phicomm:k2g_firmware:*:*:*:*:*:*:*:* | 22.6.3.20 (including) | |
| cpe:2.3:h:phicomm:k2g:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:phicomm:k2p_firmware:*:*:*:*:*:*:*:* | 20.4.1.7 (including) | |
| cpe:2.3:h:phicomm:k2p:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page