CVE-2022-25213

Summary

Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell.

Affected Software

VendorProductVersion RangeStatus
n/aPhicomm RoutersK3Caffected

Weaknesses

  • Improper physical access control

ADP Enrichment

CVE Program Container

Additional References

References