CVE-2022-25215

Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself.
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 5.3 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
tenable | CNA | --- | ---
CVE | ADP | --- | ---
EPSS Score percentile: 58%
Vendor | Product | Version
phicomm | k2_firmware | 𝑥 ≤ 22.5.9.163
phicomm | k3_firmware | 𝑥 ≤ 21.5.37.246
phicomm | k3c_firmware | 𝑥 ≤ 32.1.15.93
phicomm | k2g_firmware | 𝑥 ≤ 22.6.3.20
phicomm | k2p_firmware | 𝑥 ≤ 20.4.1.7

𝑥 = Vulnerable software versions