CVE-2022-25213
MEDIUMPhicomm K2/K2G/K2P/K3/K3C Firmware - Unauthenticated Root Shell via UART Port
Title source: llmDescription
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2022-01
Scores
CVSS v3
6.8
EPSS
0.0036
EPSS Percentile
28.0%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (5)
phicomm/k2_firmware
< 22.5.9.163
phicomm/k2g_firmware
< 22.6.3.20
phicomm/k2p_firmware
< 20.4.1.7
phicomm/k3_firmware
< 21.5.37.246
phicomm/k3c_firmware
< 32.1.15.93
Published
Mar 10, 2022
Tracked Since
Feb 18, 2026