CVE-2022-47732

Sažetak

In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which will change admin password granting access to the device.

Reference

https://www.swascan.com/security-advisory-yeastar-n412-and-n824-configuration-panel/
https://www.yeastar.com/n-series-analog-phone-system/
https://www.swascan.com/security-advisory-yeastar-n412-and-n824-configuration-panel/
https://www.yeastar.com/n-series-analog-phone-system/

CVSS

Base:	7.5
Impact:	3.6
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

03-04-2025 - 16:15

Objavljeno

20-01-2023 - 17:15