Overview
- Description
- In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which will change admin password granting access to the device.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- CWE-916
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yeastar:n824:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5CAA0551-5F64-4039-985C-264AE0BCF624"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yeastar:n824_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5E3C0C40-FF41-4FA7-9D1A-5CC26CE703EE"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yeastar:n412:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "94B68D27-784F-4B18-BAC4-3A4AC7F16249"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yeastar:n412_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "70CF7C44-A1C9-4452-BF18-F6DCF6923597"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]