In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which will change admin password granting access to the device.
References
Link | Resource |
---|---|
https://www.swascan.com/security-advisory-yeastar-n412-and-n824-configuration-panel/ | Exploit Technical Description Third Party Advisory |
https://www.yeastar.com/n-series-analog-phone-system/ | Product Vendor Advisory |
Configurations
History
No history.
Information
Published : 2023-01-20 17:15
Updated : 2024-02-28 19:51
NVD link : CVE-2022-47732
Mitre link : CVE-2022-47732
CVE.ORG link : CVE-2022-47732
JSON object : View
Products Affected
yeastar
- n824
- n412
- n824_firmware
- n412_firmware
CWE
CWE-916
Use of Password Hash With Insufficient Computational Effort