{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the pingAddr parameter of the tracert function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-07T16:27:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/SLoSnow9879/Phicomm_Router/blob/main/Tracert_1.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-37780", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the pingAddr parameter of the tracert function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/SLoSnow9879/Phicomm_Router/blob/main/Tracert_1.md", "refsource": "MISC", "url": "https://github.com/SLoSnow9879/Phicomm_Router/blob/main/Tracert_1.md"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-37780", "datePublished": "2022-09-07T16:27:06", "dateReserved": "2022-08-08T00:00:00", "dateUpdated": "2022-09-07T16:27:06", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phicomm:fir151b_firmware:3.0.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "9930251F-3129-4693-8EBE-C8B7ED6851F2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phicomm:fir151b:a2:*:*:*:*:*:*:*", "matchCriteriaId": "C19A2F00-33C6-43B1-85CA-96371C89016F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phicomm:fir302e_firmware:3.0.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "A5E667E6-1AD9-422D-A42F-12207516B787", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phicomm:fir302e:a2:*:*:*:*:*:*:*", "matchCriteriaId": "426912D9-0FE3-4698-99CE-F38197D50C10", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phicomm:fir300b_firmware:3.0.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "8D7FF0A8-0BD1-44C3-8CC2-6C3FA1512712", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phicomm:fir300b:a2:*:*:*:*:*:*:*", "matchCriteriaId": "00FE9576-A53C-4CDB-A13B-754AEA9705E3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phicomm:fir303b_firmware:3.0.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "D7042ED4-66F0-45EB-85E4-F285E50EC8EA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phicomm:fir303b:a2:*:*:*:*:*:*:*", "matchCriteriaId": "C01C9916-B30E-4DCA-B4C1-311C983AA8DD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the pingAddr parameter of the tracert function."}, {"lang": "es", "value": "Se ha detectado que los routers Phicomm FIR151B A2, FIR302E A2, FIR300B A2 versi\u00f3n V3.0.1.17 contienen una vulnerabilidad de ejecuci\u00f3n de comandos remota (RCE) por medio del par\u00e1metro pingAddr de la funci\u00f3n tracert"}], "id": "CVE-2022-37780", "lastModified": "2022-09-12T18:41:30.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-07T17:15:08.717", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/SLoSnow9879/Phicomm_Router/blob/main/Tracert_1.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}