Skip to main content

K3 Firmware

7 CVEs product

Monthly

CVE-2022-25219 HIGH POC This Week

A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft OpenSSL Information Disclosure K2 Firmware K3 Firmware +3
NVD
CVSS 3.1
8.4
EPSS
0.8%
CVE-2022-25218 HIGH POC This Week

The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft OpenSSL Information Disclosure K2 Firmware K3 Firmware +3
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-25215 MEDIUM POC This Month

Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure K2 Firmware K3 Firmware K3C Firmware K2G Firmware +1
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-25214 HIGH POC This Week

Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure K2 Firmware K3 Firmware K3C Firmware K2G Firmware +1
NVD
CVSS 3.1
7.4
EPSS
1.5%
CVE-2022-25213 MEDIUM POC This Month

Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass K2 Firmware K3 Firmware K3C Firmware K2G Firmware +1
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-8323 MEDIUM This Month

A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Lenovo 330 14Ast Firmware 330 15Ast Firmware 330 17Ast Firmware +169
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-8322 MEDIUM This Month

A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Lenovo 330 14Ast Firmware 330 15Ast Firmware 330 17Ast Firmware +48
NVD
CVSS 3.1
6.7
EPSS
0.3%
EPSS 1% CVSS 8.4
HIGH POC This Week

A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft OpenSSL Information Disclosure +5
NVD
EPSS 1% CVSS 8.1
HIGH POC This Week

The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft OpenSSL Information Disclosure +5
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure K2 Firmware K3 Firmware +3
NVD
EPSS 1% CVSS 7.4
HIGH POC This Week

Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure K2 Firmware K3 Firmware +3
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass K2 Firmware K3 Firmware +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Lenovo 330 14Ast Firmware +171
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Lenovo 330 14Ast Firmware +50
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy