CVE-2022-25215

2022-03-0721:53:11

tenable

www.cve.org

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

65.0%

JSON

Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself.

CNA Affected

[
  {
    "product": "Phicomm Routers",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "K2G A1 >= 22.6.3.20, K2 A7 >= 22.6.506.28, K2G A1 >= 22.6.3.20"
      }
    ]
  }
]

References

www.tenable.com/security/research/tra-2022-01