CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-16221
https://notcve.org/view.php?id=CVE-2018-16221
29 May 2019 — The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) does not validate (escape) the path information (path traversal), which allows an authenticated remote attacker to get access to privileged information (e.g., /etc/passwd) via path traversal (relative path information in the file parameter of the corresponding POST request). La interfaz web de diagnóstico en Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) no es validado (escape) el path de info... • https://www.sit.fraunhofer.de/de/securitytestlab • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 3%CPEs: 2EXPL: 1CVE-2018-16218
https://notcve.org/view.php?id=CVE-2018-16218
29 May 2019 — A CSRF (Cross Site Request Forgery) in the web interface of the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim. Un CSRF (Cross Site Request Forgery) en la interfaz web de Yeahlink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35, permite que un atacante remoto desencadene la ejecución de código o la modificación de la configuración en el disposi... • https://www.sit.fraunhofer.de/de/securitytestlab • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-16217
https://notcve.org/view.php?id=CVE-2018-16217
29 May 2019 — The network diagnostic function (ping) in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection. La función de diagnóstico de red (ping) en Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35), le permite a un atacante remoto autenticado desencadenar los comandos del sistema operativo o abrir un shell inverso por medio de la inyección de comandos. • https://www.sit.fraunhofer.de/de/securitytestlab • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 3CVE-2012-1417 – Yealink VOIP Phone - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-1417
17 Sep 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com. Múltiples vulnerabilidades de XSS en Local Phone book y Blacklist en Yealink VOIP Phones permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del campo 'user' hacia cgi-bin/ConfigManApp.com. • https://www.exploit-db.com/exploits/18540 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2013-5757 – Yealink VoIP Phone SIP-T38G - Local File Inclusion
https://notcve.org/view.php?id=CVE-2013-5757
03 Aug 2014 — Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx. Vulnerabilidad de recorrido de directorio absoluto en Yealink VoIP Phone SIP-T38G permite a usuarios remotos autenticados leer ficheros arbitrarios a través de un nombre de ruta completo en la función dumpConfigFile en el parámetro command en cgi-bin/cgiServer.exx. • https://www.exploit-db.com/exploits/33740 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3CVE-2014-3428 – Yealink VoIP Phones XSS / CRLF Injection
https://notcve.org/view.php?id=CVE-2014-3428
13 Jun 2014 — Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary web script or HTML via the model parameter to servlet. Vulnerabilidad de XSS en Yealink VoIP Phones con firmware 28.72.0.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro model en servlet. Yealink VoIP Phones suffer from CRLF injection and cross site scripting vulnerabilities. This affects firmware version 28.72.0.2 and ... • https://packetstorm.news/files/id/127081 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 7CVE-2013-5758 – Yealink VoIP Phone SIP-T38G - Privilege Escalation
https://notcve.org/view.php?id=CVE-2013-5758
13 Jun 2014 — cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files. cgi-bin/cgiServer.exx en Yealink VoIP Phone SIP-T38G permite a usuarios remotos autenticados ejecutar comandos arbitrarios mediante la llamada al método del sistema en el cuerpo de una solicitud, tal y como fue demostrado mediante la pue... • https://packetstorm.news/files/id/127096 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 3CVE-2013-5756 – Yealink VoIP Phone SIP-T38G - Local File Inclusion
https://notcve.org/view.php?id=CVE-2013-5756
13 Jun 2014 — Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx. Vulnerabilidad de salto de directorio en Yealink VoIP Phone SIP-T38G permite a usuarios remotos autenticados leer ficheros arbitrarios a través de un .. (punto punto) en el parámetro page en cgi-bin/cgiServer.exx. Yealink VoIP phone version SIP-T38G suffers from a local file inclusion vulnerability. • https://packetstorm.news/files/id/127095 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 3CVE-2013-5755 – Yealink VoIP Phone SIP-T38G - Default Credentials
https://notcve.org/view.php?id=CVE-2013-5755
13 Jun 2014 — config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors. config/.htpasswd en Yealink IP Phone SIP-T38G tiene la contraseña embebida de (1) user (s7C9Cx.rLsWFA) para la cuenta de user, (2) admin (uoCbM.VEiKQto) para la cuenta de admin y (3) var (jhl3iZAe./qXM) para ... • https://packetstorm.news/files/id/127094 • CWE-255: Credentials Management Errors •
CVSS: 6.1EPSS: 4%CPEs: 1EXPL: 4CVE-2014-3427 – Yealink VoIP Phones - '/servlet' HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2014-3427
13 Jun 2014 — CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet. Vulnerabilidad de inyección CRLF en Yealink VoIP Phones con firmware 28.72.0.2 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y realizar ataques de división de respuesta HTTP a través del parámetro model en servlet. Yealink VoIP Phones suffer from CRLF injection and cross site scri... • https://packetstorm.news/files/id/127081 •