CVE-2022-47732

In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which will change admin password granting access to the device.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.swascan.com/security-advisory-yeastar-n412-and-n824-configuration-panel/	Exploit Technical Description Third Party Advisory
https://www.yeastar.com/n-series-analog-phone-system/	Product Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:yeastar:n824_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:yeastar:n824:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:yeastar:n412_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:yeastar:n412:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-01-20 17:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-47732

Mitre link : CVE-2022-47732

CVE.ORG link : CVE-2022-47732

JSON object : View

Products Affected

yeastar

n824
n412
n824_firmware
n412_firmware

CWE

CWE-916

Use of Password Hash With Insufficient Computational Effort

{"id": "CVE-2022-47732", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-01-20T17:15:10.880", "references": [{"url": "https://www.swascan.com/security-advisory-yeastar-n412-and-n824-configuration-panel/", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.yeastar.com/n-series-analog-phone-system/", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-916"}]}], "descriptions": [{"lang": "en", "value": "In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which will change admin password granting access to the device."}], "lastModified": "2023-02-06T19:14:01.360", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:yeastar:n824_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E3C0C40-FF41-4FA7-9D1A-5CC26CE703EE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:yeastar:n824:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5CAA0551-5F64-4039-985C-264AE0BCF624"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:yeastar:n412_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70CF7C44-A1C9-4452-BF18-F6DCF6923597"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:yeastar:n412:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "94B68D27-784F-4B18-BAC4-3A4AC7F16249"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}