Vtech · Bezeq Vtech Nb403-Il · CVE-2022-47848
**Name of the Vulnerable Software and Affected Versions**
Bezeq Vtech NB403-IL version BZ 2.02.07.09.13.01
Vtech IAD604-IL versions BZ 2.02.07.09.13.01, BZ 2.02.07.09.13T, and BZ 2.02.07.09.09T
**Description**
An issue was discovered that allows remote attackers to gain sensitive information via the `rootDesc.xml` page of the UPnP service.
**Recommendations**
For Bezeq Vtech NB403-IL version BZ 2.02.07.09.13.01, consider restricting access to the UPnP service until a patch is available.
For Vtech IAD604-IL versions BZ 2.02.07.09.13.01, BZ 2.02.07.09.13T, and BZ 2.02.07.09.09T, restrict access to the UPnP service to minimize the risk of exploitation.
As a temporary workaround, consider disabling the `rootDesc.xml` page access until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.