CVE-2023-42716
CVE-2023-42716
In short
A telephony service fails to properly check user permissions, allowing someone to access sensitive information remotely without needing special privileges. This means unauthorized users could read data they shouldn't have access to.
Technical detail
Missing permission validation in a telephony service enables unauthenticated or low-privileged remote attackers to access confidential information through direct service interaction. The vulnerability stems from inadequate access control checks on sensitive operations, resulting in information disclosure without privilege escalation requirements.
Summary generated and translated by AI from the official description.
In telephony service, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Unisoc (Shanghai) Technologies Co., Ltd. · SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →