CVE-2022-47732

HIGH Year: 2022
CVSS v3 Score
7.5
High
Weakness Type
CWE-916
View all →

Vulnerability Description

In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which will change admin password granting access to the device.

Related Vulnerabilities

CVE-2002-1657

HIGH
CVSS:7.5(High)

PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.

CWE-9162002

CVE-2008-1526

HIGH
CVSS:7.5(High)

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it ea...

CWE-9162008

CVE-2009-5139

HIGH
CVSS:7.5(High)

The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a ...

CWE-9162009

CVE-2014-2560

HIGH
CVSS:7.5(High)

The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack,...

CWE-9162014

CVE-2017-18917

HIGH
CVSS:7.5(High)

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.

CWE-9162017

CVE-2019-19766

HIGH
CVSS:7.5(High)

The Bitwarden server through 1.32.0 has a potentially unwanted KDF.

CWE-9162019