Vulnerability Description
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create a backup file and download it, revealing the admin hash. Once cracked, the hash allows login to the Configuration Panel; alternatively, the attacker can replace the hash in the archive and restore it on the device, which changes the admin password and grants access to the device.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yeastar | N824 Firmware | - |
| Yeastar | N824 | - |
| Yeastar | N412 Firmware | - |
| Yeastar | N412 | - |
Related Weaknesses (CWE)
References
- https://www.swascan.com/security-advisory-yeastar-n412-and-n824-configuration-pa (Exploit, Technical Description, Third Party Advisory)
- https://www.yeastar.com/n-series-analog-phone-system/ (Product, Vendor Advisory)
FAQ
What is CVE-2022-47732?
CVE-2022-47732 is a vulnerability with a CVSS score of 7.5 (HIGH). In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create a backup file and download it, revealing the admin hash, allowing, once cracked, login to the Config...
How severe is CVE-2022-47732?
CVE-2022-47732 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-47732?
Check the references section above for vendor advisories and patch information. Affected products include: Yeastar N824 Firmware, Yeastar N824, Yeastar N412 Firmware, Yeastar N412.