CVE-2023-40796

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Phicomm k2 version 22.6.529.216

Description The Phicomm k2 router contains a command injection vulnerability via the luci.sys.call function. This issue allows for remote command execution.

Recommendations For Phicomm k2 version 22.6.529.216, consider disabling the luci.sys.call function as a temporary workaround until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2023-40796

Affected Products

Phicomm K2

CVE-2023-40796

Weakness Enumeration

Related Identifiers

Affected Products

References · 8