PT-2023-16204 · Akuvox · Akuvox E11

Amir Preminger +1 · Published 2023-03-13 · Updated 2023-03-16 · CVE-2023-0352

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Akuvox E11 (affected versions not specified)

Description

The issue concerns the Akuvox E11 password recovery webpage, which can be accessed without proper authentication. This allows an attacker to download the device key file and subsequently reset the password to its default setting.

Recommendations

For Akuvox E11, restrict access to the password recovery webpage until a fix is available. As a temporary workaround, consider disabling the password recovery feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2023-0352

Affected Products

Akuvox E11