CVE-2022-25215

EUVD-2022-29914
Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5.3 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
EPSS Score percentile: 59%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| phicomm | k2_firmware | 𝑥 ≤ 22.5.9.163 |
| phicomm | k3_firmware | 𝑥 ≤ 21.5.37.246 |
| phicomm | k3c_firmware | 𝑥 ≤ 32.1.15.93 |
| phicomm | k2g_firmware | 𝑥 ≤ 22.6.3.20 |
| phicomm | k2p_firmware | 𝑥 ≤ 20.4.1.7 |

𝑥 = Vulnerable software versions