CVE-2017-11495

Name of the Vulnerable Software and Affected Versions PHICOMM K2(PSG1218) devices versions V22.5.11.5 and earlier

Description The issue allows unauthenticated remote code execution via a request to an unspecified ASP script. Alternatively, an attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action.

Recommendations For PHICOMM K2(PSG1218) devices versions V22.5.11.5 and earlier, consider restricting access to the unspecified ASP script until a patch is available. As a temporary workaround, avoid using the ifType=reboot action in the affected script to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.