CVE-2023-25437

An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain escalated privileges and gain sensitive information due to cleartext passwords passed in the raw HTML.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:vtech:vcs754a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:vtech:vcs754a:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:49

Type Values Removed Values Added
References () https://i.imgur.com/aDuiY8q.png - Exploit () https://i.imgur.com/aDuiY8q.png - Exploit
References () https://yechiel.xyz/vulnerability-in-vtechs-vcs754a-business-phones-exposes-sip-credentials - Third Party Advisory () https://yechiel.xyz/vulnerability-in-vtechs-vcs754a-business-phones-exposes-sip-credentials - Third Party Advisory

Information

Published : 2023-04-27 21:15

Updated : 2024-11-21 07:49


NVD link : CVE-2023-25437

Mitre link : CVE-2023-25437

CVE.ORG link : CVE-2023-25437


JSON object : View

Products Affected

vtech

  • vcs754a_firmware
  • vcs754a
CWE
CWE-319

Cleartext Transmission of Sensitive Information