Main Vulnerability Database Vulnerabilities #VU73253

#VU73253 Storing passwords in a recoverable format in Akuvox E11 - CVE-2023-0353

Published: March 13, 2023

Vulnerability identifier: #VU73253

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-0353

CWE-ID: CWE-257

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Akuvox E11

Software vendor:
Akuvox

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the affected product uses a weak encryption algorithm for stored passwords and a hard-coded password for decryption. A remote attacker can cause the encrypted passwords to be decrypted from the configuration file.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://claroty.com/team82/research/the-silent-spy-among-us-modern-attacks-against-smart-intercoms

#VU73253 Storing passwords in a recoverable format in Akuvox E11 - CVE-2023-0353

Description

Remediation

External links

Please verify you're human