CVE-2022-25215

Summary

Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself.

Affected Software

VendorProductVersion RangeStatus
n/aPhicomm RoutersK2G A1 >= 22.6.3.20, K2 A7 >= 22.6.506.28, K2G A1 >= 22.6.3.20affected

Weaknesses

  • Improper access control leading to denial of service

ADP Enrichment

CVE Program Container

Additional References

References