Description

Avdor CIS - crystal quality Credentials Management Errors. The product is phone call recorder, you can hear all the recorded calls without authenticate to the system. Attacker sends crafted URL to the system: ip:port//V=2;ChannellD=number;Ext=number;Command=startLM;Client=number;Request=number;R=number number - id of the recorded number.

Related CPE's

a

avdorcis

crystal_quality

-

Vulnerable

References

https://www.gov.il/en/Departments/faq/cve_advisories

ExploitThird Party AdvisoryVDB Entry

https://www.gov.il/en/Departments/faq/cve_advisories

ExploitThird Party AdvisoryVDB Entry

Weaknesses

[email protected]

Primary
CWE-306

CVSS impact metrics

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

4.9 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-09-13T13:15:08.667Z

3 years ago

Last modified

2024-11-21T06:13:41.950Z

1 year ago