CVE-2022-36780

Name of the Vulnerable Software and Affected Versions Avdor CIS - crystal quality (affected versions not specified)

Description The issue concerns a credentials management error in a phone call recorder product, allowing an attacker to hear recorded calls without authenticating to the system. This can be achieved by sending a crafted URL to the system, specifically to the endpoint: "ip:port//V=2;ChannellD=number;Ext=number;Command=startLM;Client=number;Request=number;R=number", where number represents the id of the recorded call.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.