CVE-2022-47732
Last modified
CVE-2022-47732 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which will change admin password granting access to the device.. EPSS estimates a 0.54% chance of exploitation in the next 30 days.
Description
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which will change admin password granting access to the device.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Yeastar | N824 Firmware | All versions |
| Yeastar | N412 Firmware | All versions |
References
- https://www.swascan.com/security-advisory-yeastar-n412-and-n824-configuration-panel/Exploit, Technical Description, Third Party Advisory
- https://www.yeastar.com/n-series-analog-phone-system/Product, Vendor Advisory
- https://www.swascan.com/security-advisory-yeastar-n412-and-n824-configuration-panel/Exploit, Technical Description, Third Party Advisory
- https://www.yeastar.com/n-series-analog-phone-system/Product, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-47732?
How severe is CVE-2022-47732?
How do I fix CVE-2022-47732?
Are you affected by CVE-2022-47732?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST