PT-2017-12049 · Phicomm · Phicomm K2

Ming Yuan

Published

2017-07-20

Updated

2017-08-15

CVE-2017-11495

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PHICOMM K2(PSG1218) devices versions V22.5.11.5 and earlier

Description The issue allows unauthenticated remote code execution via a request to an unspecified ASP script. Alternatively, an attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action.

Recommendations For PHICOMM K2(PSG1218) devices versions V22.5.11.5 and earlier, consider restricting access to the unspecified ASP script until a patch is available. As a temporary workaround, avoid using the ifType=reboot action in the affected script to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2017-11495

Affected Products

Phicomm K2

PT-2017-12049 · Phicomm · Phicomm K2

CVE-2017-11495

Weakness Enumeration

Related Identifiers

Affected Products

References · 3