{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T13:18:02.104","vulnerabilities":[{"cve":{"id":"CVE-2022-25219","sourceIdentifier":"vulnreport@tenable.com","published":"2022-03-10T17:47:02.457","lastModified":"2024-11-21T06:51:49.703","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP packets, an unauthenticated attacker on the local network can leverage this null byte interaction error in such a way as to make those ephemeral passwords predictable (with 1-in-94 odds). Since the attacker must manipulate data processed by the OpenSSL function RSA_public_decrypt(), successful exploitation of this vulnerability depends on the use of an unpadded RSA cipher (CVE-2022-25218)."},{"lang":"es","value":"Se ha detectado un error de interacción de bytes nulos en el código que el demonio telnetd_startup usa para construir un par de contraseñas efímeras que permiten a un usuario generar un servicio de telnet en el router, y para asegurar que el servicio de telnet persiste tras el reinicio. Por medio de un intercambio diseñado de paquetes UDP, un atacante no autenticado en la red local puede aprovechar este error de interacción de bytes nulos de tal manera que haga que esas contraseñas efímeras sean predecibles (con una probabilidad de 1 en 94). Dado que el atacante debe manipular los datos procesados por la función RSA_public_decrypt() de OpenSSL, una explotación con éxito de esta vulnerabilidad depende del uso de un cifrado RSA sin relleno (CVE-2022-25218)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","baseScore":6.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phicomm:k2_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"22.5.9.163","matchCriteriaId":"66980EB4-9FEC-451F-93F1-3E275CD6A462"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phicomm:k2:-:*:*:*:*:*:*:*","matchCriteriaId":"26A205A0-3616-4CD9-A7B8-FEA63742ABE9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phicomm:k3_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"21.5.37.246","matchCriteriaId":"4C6D3940-9C77-4A8C-AD55-6857491B43B5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phicomm:k3:-:*:*:*:*:*:*:*","matchCriteriaId":"7FFD131E-E41A-44BD-81B5-A1A10E64D88B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phicomm:k3c_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"32.1.15.93","matchCriteriaId":"3319332E-25E6-4148-9A57-15FCF51C0413"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phicomm:k3c:-:*:*:*:*:*:*:*","matchCriteriaId":"4D47C172-F2F6-451F-8891-D150DBBA181C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phicomm:k2g_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"22.6.3.20","matchCriteriaId":"D4737564-B92D-408E-81EC-598B76EE347F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phicomm:k2g:-:*:*:*:*:*:*:*","matchCriteriaId":"1C8AE809-CB81-4CEB-B383-0461E3885892"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phicomm:k2p_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"20.4.1.7","matchCriteriaId":"8CE04942-4274-4A96-95E4-4838AAAC09A2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:phicomm:k2p:-:*:*:*:*:*:*:*","matchCriteriaId":"F80A65CA-B4F2-4912-B991-1D60869D5CB9"}]}]}],"references":[{"url":"https://www.tenable.com/security/research/tra-2022-01","source":"vulnreport@tenable.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.tenable.com/security/research/tra-2022-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}