In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which will change admin password granting access to the device.
References
Link | Resource |
---|---|
https://www.swascan.com/security-advisory-yeastar-n412-and-n824-configuration-panel/ | Exploit Technical Description Third Party Advisory |
https://www.yeastar.com/n-series-analog-phone-system/ | Product Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-01-20T00:00:00
Updated: 2023-01-20T00:00:00
Reserved: 2022-12-21T00:00:00
Link: CVE-2022-47732
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-01-20T17:15:10.880
Modified: 2023-02-06T19:14:01.360
Link: CVE-2022-47732
JSON object: View
Redhat Information
No data.
CWE