Security readout for executives and security teams
Plain-English summary
PHICOMM K2 (PSG1218) routers running firmware V22.5.11.5 or earlier reportedly let an unauthenticated remote attacker run commands or force a reboot through an unspecified ASP script. The business concern is loss of control over edge network equipment, but the public record lacks CVSS, CWE, CPE, and vendor fix details.
Executive priority
Treat this as a high-priority edge-device risk if PHICOMM K2 routers are present. Prioritize inventory, exposure reduction, and replacement or vendor-approved remediation because the flaw is unauthenticated and affects network infrastructure.
Technical view
The CVE describes unauthenticated remote code execution in PHICOMM K2 (PSG1218) firmware V22.5.11.5 and earlier via an unspecified ASP script. The same unauthenticated script access can reportedly trigger reboot behavior using an ifType=reboot action. No affected CPEs, CWE mapping, CVSS vector, or patch advisory is provided in the supplied sources.
Likely exposure
Exposure is limited to PHICOMM K2 (PSG1218) devices at V22.5.11.5 or earlier, especially where the router management surface is reachable from untrusted networks. The supplied data does not identify other PHICOMM models or downstream products.
Exploitation context
The sources support unauthenticated RCE and reboot impact, but do not show confirmed active exploitation. CISA KEV status is false in the bundle. A public GitHub reference is cited, but the record is sparse and does not provide a complete exploitation timeline.
Researcher notes
Evidence is source-limited. The CVE description identifies product and version, but structured affected fields are n/a and no CVSS, CWE, CPE, or vendor advisory is included. Avoid broadening scope beyond PHICOMM K2 (PSG1218) V22.5.11.5 and earlier without additional vendor evidence.
Mitigation direction
- Check PHICOMM or device-provider guidance for firmware updates or replacement advice.
- Remove internet exposure from router management interfaces.
- Restrict management access to trusted admin networks or VPN only.
- Replace unsupported affected devices if no maintained firmware is available.
- Monitor affected routers for unexpected reboots or configuration changes.
Validation and detection
- Inventory PHICOMM K2 (PSG1218) routers in all environments.
- Verify firmware versions and flag V22.5.11.5 or earlier.
- Confirm management interfaces are not reachable from the internet.
- Review router logs for unexpected reboot or administrative activity.
- Document compensating controls for any device awaiting replacement.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
Execution behavior lookup
The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
Open ATT&CK lookupCVE-2017-11495 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Unknown
- CVSS
- Not scored
- Known Exploited
- No
- Published
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS and timeline data
No CVSS vectors or timeline events were available in the normalized CVE source material.
Source materials
- CVE List V5 sourceCVE List V5
- https://github.com/ZIllR0/Routers/blob/master/PHICOMMCVE reference · x_refsource_MISC
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
