{ "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-25219", "ASSIGNER": "vulnreport@tenable.com", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "n/a", "product": { "product_data": [ { "product_name": "Phicomm Routers", "version": { "version_data": [ { "version_value": "K3 >= 21.5.37.246, K3C >= 32.1.22.113, K2P >= 20.4.1.7, K2 A7 >= 22.6.506.28, K2G A1 >= 22.6.3.20" } ] } } ] } } ] } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Null Byte Interaction Error" } ] } ] }, "references": { "reference_data": [ { "refsource": "MISC", "name": "https://www.tenable.com/security/research/tra-2022-01", "url": "https://www.tenable.com/security/research/tra-2022-01" } ] }, "description": { "description_data": [ { "lang": "eng", "value": "A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP packets, an unauthenticated attacker on the local network can leverage this null byte interaction error in such a way as to make those ephemeral passwords predictable (with 1-in-94 odds). Since the attacker must manipulate data processed by the OpenSSL function RSA_public_decrypt(), successful exploitation of this vulnerability depends on the use of an unpadded RSA cipher (CVE-2022-25218)." } ] } }