PT-2023-15559 · Phicomm · Phicomm K2

Published

2023-01-27

Updated

2025-03-28

CVE-2022-48071

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Phicomm K2 version 22.6.534.263

Description The issue concerns the storage of sensitive information. Specifically, the root and admin passwords are stored in plaintext.

Recommendations For Phicomm K2 version 22.6.534.263, consider changing the root and admin passwords to strong, unique ones and avoid using the same password across different systems until a patch is available. As a temporary workaround, restrict access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

CVE-2022-48071

Affected Products

Phicomm K2

PT-2023-15559 · Phicomm · Phicomm K2

CVE-2022-48071

Weakness Enumeration

Related Identifiers

Affected Products

References · 5