K3 firmware
This hub aggregates every CVE we track for K3 firmware, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 7
- Critical: 0
- High: 3
- In CISA KEV: 0
Severity distribution
- MEDIUM: 4
- HIGH: 3
Monthly trend
[Chart: 2024-07 to 2026-06; all values shown are 0]
Latest CVEs
The 7 most recently published vulnerabilities affecting K3 firmware.
- CVE-2022-25219: A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the rout... Score: 8.4
- CVE-2022-25213: Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The sam... Score: 6.8
- CVE-2022-25215: Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those... Score: 5.3
- CVE-2022-25218: The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control o... Score: 8.1
- CVE-2022-25214: Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and... Score: 7.4
- CVE-2020-8323: A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution. Score: 6.4
- CVE-2020-8322: A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. Score: 6.4
Product normalization is registry-driven with AI assist and human review.