{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-25T06:48:02.833","vulnerabilities":[{"cve":{"id":"CVE-2022-36780","sourceIdentifier":"cna@cyber.gov.il","published":"2022-09-13T15:15:08.667","lastModified":"2026-06-17T04:53:57.917","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Avdor CIS - crystal quality Credentials Management Errors. The product is phone call recorder, you can hear all the recorded calls without authenticate to the system. Attacker sends crafted URL to the system: ip:port//V=2;ChannellD=number;Ext=number;Command=startLM;Client=number;Request=number;R=number number - id of the recorded number."},{"lang":"es","value":"Avdor CIS - crystal quality. Errores de Administración de Credenciales. El producto es un grabador de llamadas telefónicas, pueden escucharse todas las llamadas grabadas sin autenticarse en el sistema. El atacante envía una URL diseñada al sistema: ip:port//V=2;ChannellD=number;Ext=number;Command=startLM;Client=number;Request=number;R=number number - id del número grabado"}],"affected":[{"source":"cna@cyber.gov.il","affectedData":[{"vendor":"Avdor CIS","product":"crystal quality","versions":[{"version":"Update to the latest version","lessThan":"unspecified","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cna@cyber.gov.il","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.5,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:avdorcis:crystal_quality:-:*:*:*:*:*:*:*","matchCriteriaId":"B48A54B0-CE93-4B18-A440-247F4662FA26"}]}]}],"references":[{"url":"https://www.gov.il/en/Departments/faq/cve_advisories","source":"cna@cyber.gov.il","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.gov.il/en/Departments/faq/cve_advisories","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}}]}