Vulnerability Details CVE-2019-19117
/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.166
EPSS Ranking 94.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
Products affected by CVE-2019-19117
-
cpe:2.3:h:phicomm:k2(psg1218):-
-
cpe:2.3:o:phicomm:k2(psg1218)_firmware:22.5.9.163