PT-2022-24066 · Phicomm · Phicomm Fir300B A2+3
Published
2022-09-07
·
Updated
2022-09-12
·
CVE-2022-37777
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers versions 3.0.1.17 and earlier
Description
A remote command execution issue was found, which can be exploited via the
trHops parameter of the tracert function.Recommendations
For Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers versions 3.0.1.17 and earlier, consider restricting access to the
tracert function until a patch is available. Avoid using the trHops parameter in the affected function to minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Phicomm Fir151B A2
Phicomm Fir300B A2
Phicomm Fir302E A2
Phicomm Fir303B A2