CVE-2022-25217

Name of the Vulnerable Software and Affected Versions K2 firmware version 22.5.9.163 K3C firmware version 32.1.15.93

Description The issue allows an attacker on the local area network to obtain a root shell on the device over telnet due to the use of a hard-coded cryptographic key pair by the telnetd startup service. An attacker in possession of the leaked private key can instruct telnetd startup to spawn an unauthenticated telnet shell as root through a scripted exchange of UDP packets, resulting in complete control of the device.

Recommendations For K2 firmware version 22.5.9.163, consider disabling the telnetd startup service until a patch is available. For K3C firmware version 32.1.15.93, restrict access to the telnet shell to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.