CVE-2022-36780

low-risk
Published 2022-09-13

Avdor CIS - crystal quality Credentials Management Errors. The product is phone call recorder, you can hear all the recorded calls without authenticate to the system. Attacker sends crafted URL to the system: ip:port//V=2;ChannellD=number;Ext=number;Command=startLM;Client=number;Request=number;R=number number - id of the recorded number.

Do I need to act?

-
0.19% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.9/10 Medium
ADJACENT_NETWORK / LOW complexity

Affected Products (1)

Crystal Quality

Affected Vendors

Avdorcis

References (2)

Exploit https://www.gov.il/en/Departments/faq/cve_advisories
Exploit https://www.gov.il/en/Departments/faq/cve_advisories
23
/ 100
low-risk
Severity 17/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal