CVE-2022-47732

In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which will change admin password granting access to the device.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:yeastar:n824_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:yeastar:n824:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:yeastar:n412_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:yeastar:n412:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:32

Type Values Removed Values Added
Summary
  • (es) En Yeastar N412 y N824 Configuration Panel 42.x y 45.x, un atacante no autenticado puede crear un archivo de respaldo y descargarlo, revelando el hash de administrador, permitiendo, una vez descifrado, iniciar sesión dentro del Panel de configuración; de lo contrario, reemplazando el hash en el archivo. y restaurarlo en el dispositivo, lo que cambiará la contraseña de administrador y otorgará acceso al dispositivo.
References () https://www.swascan.com/security-advisory-yeastar-n412-and-n824-configuration-panel/ - Exploit, Technical Description, Third Party Advisory () https://www.swascan.com/security-advisory-yeastar-n412-and-n824-configuration-panel/ - Exploit, Technical Description, Third Party Advisory
References () https://www.yeastar.com/n-series-analog-phone-system/ - Product, Vendor Advisory () https://www.yeastar.com/n-series-analog-phone-system/ - Product, Vendor Advisory

Information

Published : 2023-01-20 17:15

Updated : 2024-11-21 07:32


NVD link : CVE-2022-47732

Mitre link : CVE-2022-47732

CVE.ORG link : CVE-2022-47732


JSON object : View

Products Affected

yeastar

  • n412_firmware
  • n824
  • n824_firmware
  • n412
CWE
CWE-916

Use of Password Hash With Insufficient Computational Effort