CVE-2022-47732

Exploit

EPSS 0.13%
Veröffentlicht 20.01.2023 17:15:10
Zuletzt bearbeitet 03.04.2025 16:15:29
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which will change admin password granting access to the device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Yeastar ≫ N824 Firmware Version-

Yeastar ≫ N824 Version-

Yeastar ≫ N412 Firmware Version-

Yeastar ≫ N412 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.295

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-916 Use of Password Hash With Insufficient Computational Effort

The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.

https://www.swascan.com/security-advisory-yeastar-n412-and-n824-configuration-panel/

Third Party Advisory

Exploit

Technical Description

https://www.yeastar.com/n-series-analog-phone-system/

Vendor Advisory

Product

https://nvd.nist.gov/vuln/detail/CVE-2022-47732

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-47732

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-47732

EUVD