virus logo Intrusion Prevention

vTech.VCS754.CVE-2023-25437.Information.Disclosure

description-logoDescription

This indicates an attack attempt to exploit an Information Disclosure vulnerability in vTech VCS754.
The vulnerability is due to the configuration web client for the device passing the account password in cleartext in webpage html. This allows the attacker to use the account credentials to gain escalated privileges and sensitive information.

affected-products-logoAffected Products

vTech VCS754 version 1.1.1.A before 1.1.1.H

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor. VCS754a phones with firmware versions newer than 1.1.1.A are no longer affected by this vulnerability.
https://yechiel.xyz/vulnerability-in-vtechs-vcs754a-business-phones-exposes-sip-credentials

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2024-03-25 27.754 Default_action:pass:drop
2024-03-14 27.749
ID 53103
Created Mar 06, 2024
Updated Mar 14, 2024
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2023-25437
Exploit Prediction Score 0.06%
Default Action drop
Active
Affected OS Other
Affected App Other