PT-2023-15469 · Yeastar · Yeastar N824 Configuration Panel+3

Published

2023-01-20

Updated

2023-02-06

CVE-2022-47732

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Yeastar N412 and N824 Configuration Panel versions 42.x through 45.x

Description An unauthenticated attacker can create a backup file and download it, revealing the admin hash. If the hash is cracked, it allows the attacker to log in to the Configuration Panel. Alternatively, the attacker can replace the hash in the archive and restore it on the device, changing the admin password and granting access to the device.

Recommendations For Yeastar N412 and N824 Configuration Panel versions 42.x through 45.x, update to a version that fixes this issue to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-916

Related Identifiers

CVE-2022-47732

Affected Products

Yeastar N412

Yeastar N412 Configuration Panel

Yeastar N824

Yeastar N824 Configuration Panel

PT-2023-15469 · Yeastar · Yeastar N824 Configuration Panel+3

CVE-2022-47732

Weakness Enumeration

Related Identifiers

Affected Products

References · 4