Details of VAR-202301-2228

ID

VAR-202301-2228

CVE

CVE-2022-48072

TITLE

Phicomm K2G In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-002591

DESCRIPTION

Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function. Phicomm K2G for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-48072 // JVNDB: JVNDB-2023-002591 // VULMON: CVE-2022-48072

AFFECTED PRODUCTS

vendor:	phicomm	model:	k2	scope:	eq	version:	22.6.3.20	Trust: 1.0
vendor:	phicomm	model:	k2	scope:	eq	version:	-	Trust: 0.8
vendor:	phicomm	model:	k2	scope:	eq	version:	k2 firmware 22.6.3.20	Trust: 0.8

sources: JVNDB: JVNDB-2023-002591 // NVD: CVE-2022-48072

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2022-48072
value:	HIGH
Trust: 1.8
CNNVD:	CNNVD-202301-2155
value:	HIGH
Trust: 0.6

NVD:
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-48072
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-002591 // NVD: CVE-2022-48072 // CNNVD: CNNVD-202301-2155

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-002591 // NVD: CVE-2022-48072

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202301-2155

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202301-2155

CONFIGURATIONS

sources: NVD: CVE-2022-48072

PATCH

title:	Top Page	url:	https://www.phicomm.de/	Trust: 0.8
title:	-	url:	https://github.com/live-hack-cve/cve-2022-48072	Trust: 0.1

sources: VULMON: CVE-2022-48072 // JVNDB: JVNDB-2023-002591

EXTERNAL IDS

db:	NVD	id:	CVE-2022-48072	Trust: 3.3
db:	JVNDB	id:	JVNDB-2023-002591	Trust: 0.8
db:	CNNVD	id:	CNNVD-202301-2155	Trust: 0.6
db:	VULMON	id:	CVE-2022-48072	Trust: 0.1

sources: VULMON: CVE-2022-48072 // JVNDB: JVNDB-2023-002591 // NVD: CVE-2022-48072 // CNNVD: CNNVD-202301-2155

REFERENCES

url:	https://befitting-vinca-933.notion.site/phicomm-k2g-v22-6-3-20-command-injection-vulnerability-36d54f03e35045bba8ec02bb85379614	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-48072	Trust: 1.4
url:	https://befitting-vinca-933.notion.site/cve-2022-48072-phicomm-k2g-v22-6-3-20-command-injection-vulnerability-36d54f03e35045bba8ec02bb85379614	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-48072/	Trust: 0.6
url:	https://github.com/live-hack-cve/cve-2022-48072	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2022-48072 // JVNDB: JVNDB-2023-002591 // NVD: CVE-2022-48072 // CNNVD: CNNVD-202301-2155

SOURCES

db:	VULMON	id:	CVE-2022-48072
db:	JVNDB	id:	JVNDB-2023-002591
db:	NVD	id:	CVE-2022-48072
db:	CNNVD	id:	CNNVD-202301-2155

LAST UPDATE DATE

2023-12-18T11:55:03.061000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2022-48072	date:	2023-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2023-002591	date:	2023-07-21T06:20:00
db:	NVD	id:	CVE-2022-48072	date:	2023-02-04T02:05:40.173
db:	CNNVD	id:	CNNVD-202301-2155	date:	2023-02-06T00:00:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2022-48072	date:	2023-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2023-002591	date:	2023-07-21T00:00:00
db:	NVD	id:	CVE-2022-48072	date:	2023-01-27T15:15:10.537
db:	CNNVD	id:	CNNVD-202301-2155	date:	2023-01-27T00:00:00