Vulnerability Details CVE-2022-25213
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.9%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 7.2
References
Products affected by CVE-2022-25213
-
cpe:2.3:h:phicomm:k2:-
-
cpe:2.3:h:phicomm:k2g:-
-
cpe:2.3:h:phicomm:k2p:-
-
cpe:2.3:h:phicomm:k3:-
-
cpe:2.3:h:phicomm:k3c:-
-
cpe:2.3:o:phicomm:k2_firmware:-
-
cpe:2.3:o:phicomm:k2_firmware:22.5.9.163
-
cpe:2.3:o:phicomm:k2g_firmware:-
-
cpe:2.3:o:phicomm:k2g_firmware:22.6.3.20
-
cpe:2.3:o:phicomm:k2p_firmware:-
-
cpe:2.3:o:phicomm:k2p_firmware:20.4.1.7
-
cpe:2.3:o:phicomm:k3_firmware:-
-
cpe:2.3:o:phicomm:k3_firmware:21.5.37.246
-
cpe:2.3:o:phicomm:k3c_firmware:-
-
cpe:2.3:o:phicomm:k3c_firmware:32.1.15.93