Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:47 p.m.9 views

CVE-2022-25218

The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetdstartup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the "plaintext" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL's...

9.3CVSS6.5AI score0.00978EPSS
Exploits2References1
NVD
NVD
added 2022/03/10 5:47 p.m.19 views

CVE-2022-25218

The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetdstartup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the "plaintext" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL's...

9.3CVSS0.00978EPSS
Exploits1References1
Prion
Prion
added 2022/03/10 5:47 p.m.21 views

Design/Logic Flaw

A null byte interaction error has been discovered in the code that the telnetdstartup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP...

6.9CVSS7.9AI score0.00978EPSS
Exploits2References1Affected Software5
CVE
CVE
added 2022/03/07 9:50 p.m.128 views

CVE-2022-25218

The CVE-2022-25218 entry concerns PHICOMM router devices (e.g., K2, K3, K3C) where telnetd_startup uses RSA without OAEP or padding. An unauthenticated attacker on the LAN can craft UDP packets to influence the OpenSSL RSA_public_decrypt() processing, manipulating the telnetd startup state machin...

9.3CVSS8AI score0.00978EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder