PT-2023-15561 · Phicomm · Phicomm K2

Published

2023-01-27

Updated

2025-03-28

CVE-2022-48073

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Phicomm K2G version 22.6.3.20 Phicomm K2 version 22.6.534.263

Description The issue concerns the storage of sensitive information. Specifically, the root and admin passwords are stored in plaintext. This poses a significant security risk as it could allow unauthorized access to the system.

Recommendations For Phicomm K2G version 22.6.3.20, update the firmware to a version that securely stores passwords. For Phicomm K2 version 22.6.534.263, update the firmware to a version that securely stores passwords. As a temporary workaround, consider restricting access to the device and changing the default passwords to minimize the risk of exploitation.

Exploit

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

CVE-2022-48073

Affected Products

Phicomm K2

PT-2023-15561 · Phicomm · Phicomm K2

CVE-2022-48073

Weakness Enumeration

Related Identifiers

Affected Products

References · 7