Vulnerabilities (CVE)

Filtered by vendor Phicomm Subscribe
Filtered by product K2\(psg1218\)
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19117 1 Phicomm 2 K2\(psg1218\), K2\(psg1218\) Firmware 2024-11-21 9.0 HIGH 8.8 HIGH
/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter.
CVE-2017-11495 1 Phicomm 2 K2\(psg1218\), K2\(psg1218\)-firmware 2024-11-21 9.0 HIGH 9.8 CRITICAL
PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action.