CVE-2022-47732

In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which will change admin password granting access to the device.
References
Link Resource
https://www.swascan.com/security-advisory-yeastar-n412-and-n824-configuration-panel/ Exploit Technical Description Third Party Advisory
https://www.yeastar.com/n-series-analog-phone-system/ Product Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:yeastar:n824_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:yeastar:n824:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:yeastar:n412_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:yeastar:n412:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-01-20 17:15

Updated : 2024-02-28 19:51


NVD link : CVE-2022-47732

Mitre link : CVE-2022-47732

CVE.ORG link : CVE-2022-47732


JSON object : View

Products Affected

yeastar

  • n824
  • n412
  • n824_firmware
  • n412_firmware
CWE
CWE-916

Use of Password Hash With Insufficient Computational Effort