LiveActive security incident?Get immediate response
CVE Record

CVE-2017-11495: PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a reques...

PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

PHICOMM K2 (PSG1218) routers running firmware V22.5.11.5 or earlier reportedly let an unauthenticated remote attacker run commands or force a reboot through an unspecified ASP script. The business concern is loss of control over edge network equipment, but the public record lacks CVSS, CWE, CPE, and vendor fix details.

Executive priority

Treat this as a high-priority edge-device risk if PHICOMM K2 routers are present. Prioritize inventory, exposure reduction, and replacement or vendor-approved remediation because the flaw is unauthenticated and affects network infrastructure.

Technical view

The CVE describes unauthenticated remote code execution in PHICOMM K2 (PSG1218) firmware V22.5.11.5 and earlier via an unspecified ASP script. The same unauthenticated script access can reportedly trigger reboot behavior using an ifType=reboot action. No affected CPEs, CWE mapping, CVSS vector, or patch advisory is provided in the supplied sources.

Likely exposure

Exposure is limited to PHICOMM K2 (PSG1218) devices at V22.5.11.5 or earlier, especially where the router management surface is reachable from untrusted networks. The supplied data does not identify other PHICOMM models or downstream products.

Exploitation context

The sources support unauthenticated RCE and reboot impact, but do not show confirmed active exploitation. CISA KEV status is false in the bundle. A public GitHub reference is cited, but the record is sparse and does not provide a complete exploitation timeline.

Researcher notes

Evidence is source-limited. The CVE description identifies product and version, but structured affected fields are n/a and no CVSS, CWE, CPE, or vendor advisory is included. Avoid broadening scope beyond PHICOMM K2 (PSG1218) V22.5.11.5 and earlier without additional vendor evidence.

Mitigation direction

  • Check PHICOMM or device-provider guidance for firmware updates or replacement advice.
  • Remove internet exposure from router management interfaces.
  • Restrict management access to trusted admin networks or VPN only.
  • Replace unsupported affected devices if no maintained firmware is available.
  • Monitor affected routers for unexpected reboots or configuration changes.

Validation and detection

  • Inventory PHICOMM K2 (PSG1218) routers in all environments.
  • Verify firmware versions and flag V22.5.11.5 or earlier.
  • Confirm management interfaces are not reachable from the internet.
  • Review router logs for unexpected reboot or administrative activity.
  • Document compensating controls for any device awaiting replacement.
Prepared
Confidence
medium
Sources
3

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

description · low confidence lookup

Execution behavior lookup

The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2017-11495 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
0Timeline events
0ADP providers
2Source links

CVSS and timeline data

No CVSS vectors or timeline events were available in the normalized CVE source material.

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.