CVE-2022-47732

Exploit

EPSS 0.13%
Published 20.01.2023 17:15:10
Last modified 03.04.2025 16:15:29
Source cve@mitre.org
Teams watchlist Login
Open Login

In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which will change admin password granting access to the device.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Yeastar ≫ N824 Firmware Version-

Yeastar ≫ N824 Version-

Yeastar ≫ N412 Firmware Version-

Yeastar ≫ N412 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.295

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-916 Use of Password Hash With Insufficient Computational Effort

The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.

https://www.swascan.com/security-advisory-yeastar-n412-and-n824-configuration-panel/

Third Party Advisory

Exploit

Technical Description

https://www.yeastar.com/n-series-analog-phone-system/

Vendor Advisory

Product

https://nvd.nist.gov/vuln/detail/CVE-2022-47732

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-47732

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-47732

EUVD