PT-2023-9398 · Yealink · Yealink Meeting Server

Published: 2023-05-03 · Updated: 2024-11-06 · CVE-2024-48353

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Yealink Meeting Server versions prior to V26.0.0.67
Description: The issue stems from insufficient protection of service data, which allows a remote attacker to gain access to user authentication data. Specifically, an attacker can obtain static key information from a front-end JS file and use it to decrypt passwords, recovering them in plaintext.
Recommendations: Update to version V26.0.0.67 or later to resolve the issue. As a temporary workaround, consider restricting access to the front-end JS file to minimize the risk of exploitation.

Fix

Information Disclosure

Insecure Storage of Sensitive Information

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

BDU:2024-07166
CVE-2024-48353

Affected Products

Yealink Meeting Server