CVE-2022-36780 MEDIUM

CVE-2022-36780: Avdor CIS - crystal quality Credentials Management Errors

Vendor Avdor Cis
Product crystal quality
Published September 13, 2022
Last update September 17, 2024

CVSS base score

4.9/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Avdor CIS - crystal quality Credentials Management Errors. The product is phone call recorder, you can hear all the recorded calls without authenticate to the system. Attacker sends crafted URL to the system: ip:port//V=2;ChannellD=number;Ext=number;Command=startLM;Client=number;Request=number;R=number number - id of the recorded number.

Key dates

02Disclosure timeline

September 13, 2022 CVE published
September 17, 2024 Record updated