Details of VAR-202203-0218

ID

VAR-202203-0218

CVE

CVE-2022-25215

TITLE

plural PHICOMM Fraudulent Authentication Vulnerability in Products

Trust: 0.8

sources: JVNDB: JVNDB-2022-006585

DESCRIPTION

Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself. k2 firmware, k3 firmware, k3c firmware etc. PHICOMM The product contains an incorrect authentication vulnerability.Information may be tampered with

Trust: 1.62

sources: NVD: CVE-2022-25215 // JVNDB: JVNDB-2022-006585

AFFECTED PRODUCTS

vendor:	phicomm	model:	k3c	scope:	lte	version:	32.1.15.93	Trust: 1.0
vendor:	phicomm	model:	k2p	scope:	lte	version:	20.4.1.7	Trust: 1.0
vendor:	phicomm	model:	k3	scope:	lte	version:	21.5.37.246	Trust: 1.0
vendor:	phicomm	model:	k2g	scope:	lte	version:	22.6.3.20	Trust: 1.0
vendor:	phicomm	model:	k2	scope:	lte	version:	22.5.9.163	Trust: 1.0
vendor:	phicomm	model:	k3	scope:	-	version:	-	Trust: 0.8
vendor:	phicomm	model:	k2	scope:	-	version:	-	Trust: 0.8
vendor:	phicomm	model:	k3c	scope:	-	version:	-	Trust: 0.8
vendor:	phicomm	model:	k2p	scope:	-	version:	-	Trust: 0.8
vendor:	phicomm	model:	k2g	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-006585 // NVD: CVE-2022-25215

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-25215
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-25215
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202203-806
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-25215
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2022-25215
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-25215
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-006585 // CNNVD: CNNVD-202203-806 // NVD: CVE-2022-25215

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	Illegal authentication (CWE-863) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-006585 // NVD: CVE-2022-25215

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-806

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202203-806

PATCH

title:

Phicomm Repair measures for multiple product access control errors and vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=185418

Trust: 0.6

sources: CNNVD: CNNVD-202203-806

EXTERNAL IDS

db:	NVD	id:	CVE-2022-25215	Trust: 3.2
db:	TENABLE	id:	TRA-2022-01	Trust: 2.4
db:	JVNDB	id:	JVNDB-2022-006585	Trust: 0.8
db:	CS-HELP	id:	SB2022030909	Trust: 0.6
db:	CNNVD	id:	CNNVD-202203-806	Trust: 0.6

sources: JVNDB: JVNDB-2022-006585 // CNNVD: CNNVD-202203-806 // NVD: CVE-2022-25215

REFERENCES

url:	https://www.tenable.com/security/research/tra-2022-01	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25215	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-25215/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022030909	Trust: 0.6

sources: JVNDB: JVNDB-2022-006585 // CNNVD: CNNVD-202203-806 // NVD: CVE-2022-25215

SOURCES

db:	JVNDB	id:	JVNDB-2022-006585
db:	CNNVD	id:	CNNVD-202203-806
db:	NVD	id:	CVE-2022-25215

LAST UPDATE DATE

2024-11-23T21:50:40.646000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-006585	date:	2023-07-06T08:11:00
db:	CNNVD	id:	CNNVD-202203-806	date:	2022-03-18T00:00:00
db:	NVD	id:	CVE-2022-25215	date:	2024-11-21T06:51:49.300

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-006585	date:	2023-07-06T00:00:00
db:	CNNVD	id:	CNNVD-202203-806	date:	2022-03-09T00:00:00
db:	NVD	id:	CVE-2022-25215	date:	2022-03-10T17:47:01.490