PT-2023-15469 · Yeastar · Yeastar N824 Configuration Panel+3

Publicado

2023-01-20

Atualizado

2023-02-06

CVE-2022-47732

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Yeastar N412 and N824 Configuration Panel versions 42.x through 45.x

Description An unauthenticated attacker can create a backup file and download it, revealing the admin hash. If the hash is cracked, it allows the attacker to log in to the Configuration Panel. Alternatively, the attacker can replace the hash in the archive and restore it on the device, changing the admin password and granting access to the device.

Recommendations For Yeastar N412 and N824 Configuration Panel versions 42.x through 45.x, update to a version that fixes this issue to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-916

Identificadores relacionados

CVE-2022-47732

Produtos afetados

Yeastar N412

Yeastar N412 Configuration Panel

Yeastar N824

Yeastar N824 Configuration Panel

PT-2023-15469 · Yeastar · Yeastar N824 Configuration Panel+3

CVE-2022-47732

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4