CVE-2022-48072
Phicomm K2G v22.6.3.20 is affected by a command injection vulnerability in the automatic upgrade function, exploitable via the autoUpTime parameter. The root cause is improper handling of input in the upgrade process, allowing arbitrary commands to be executed with the device’s privileges. CVSSv3...