CVE-2023-25437

Published: Apr 27, 2023Modified: Jan 31, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain escalated privileges and gain sensitive information due to cleartext passwords passed in the raw HTML.

Affected (1)

Products: Vtech: Vcs754a Firmware

Vtech

1 product

Vcs754a Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vtech Vcs754a Firmware	From 1.1.1.a to 1.1.1.h

Running on/with	Platform Versions
Vtech Vcs754a	All versions

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (4)

https://i.imgur.com/aDuiY8q.png

Source: cve@mitre.org

Exploit

https://yechiel.xyz/vulnerability-in-vtechs-vcs754a-business-phones-exposes-sip-credentials

Source: cve@mitre.org

Third Party Advisory

https://i.imgur.com/aDuiY8q.png

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://yechiel.xyz/vulnerability-in-vtechs-vcs754a-business-phones-exposes-sip-credentials

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.